Testing Your Anti-Virus Software

The EICAR Standard Anti-Virus Test File


Though it is clearly irresponsible to make viruses available to anyone who asks, users often want some way of checking that they have deployed their anti-virus software correctly, or of deliberately generating a "virus incident" in order to test their procedures, or of showing what they would see if they were hit by a virus.

Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. Such a test will give meaningful results, but with unappealing, unacceptable risks.

Since it is unacceptable for you to use a real virus for test purposes, you need a test file that can safely be used, and which is obviously non-viral, but which your anti-virus software will react to as if it were a real virus.

The good news is that such a test file already exists. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus. This test file is known as the "EICAR (European Institute for Computer Anti-virus Research) Standard Anti-Virus Test File", and it satisfies all the criteria for testing safely.

It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name: some, for example, call it "EICAR-AV-Test"). The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"). It is also short and simple -- in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor.

Any anti-virus product which supports the EICAR test file should "detect" it in any file which starts with the following 68 characters:

               X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

To keep things simple, the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only things to watch out for when typing in the test file are that the third character is the capital letter "O", not the digit zero, and that all 68 characters must be on one line, which must be the very first line in the file.

So, to use it, simply create a text file with the code above as the first line in the file.

You can rename the text file and give it a ".com" or a ".exe" file extension to simulate an executable program file.
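Because the file is typed by hand, a mistyped character means the scanner stays silent and the test tells you nothing. The following checker is an added example, not part of the original page; the function name check_test_file and the command-line usage are assumptions made for illustration. It applies the rules stated above (68 characters, first line, capital "O" in third position, no spaces or lower case) to the bytes of a file you created:

```python
import string
import sys

# The 68-character test string exactly as printed on this page.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Per the page: upper case letters, digits and punctuation marks only.
ALLOWED = set(string.ascii_uppercase + string.digits + string.punctuation)


def check_test_file(data: bytes) -> list:
    """Return a list of problems with a hand-typed test file (empty = OK)."""
    problems = []
    # Only the very first line counts; accept DOS or Unix line endings.
    first_line = data.splitlines()[0] if data else b""
    # Non-ASCII bytes (e.g. an editor-added byte order mark) become U+FFFD.
    text = first_line.decode("ascii", errors="replace")

    if len(text) != 68:
        problems.append(f"first line is {len(text)} characters, expected 68")
    if len(text) >= 3 and text[2] == "0":
        problems.append("third character is the digit zero, not capital 'O'")
    bad = sorted({c for c in text if c not in ALLOWED})
    if bad:
        problems.append(f"disallowed characters on first line: {bad!r}")
    if not problems and text != EICAR:
        # Right length and alphabet, but some character was mistyped.
        pos = next(i for i, (a, b) in enumerate(zip(text, EICAR)) if a != b)
        problems.append(f"mismatch at character {pos + 1}: "
                        f"got {text[pos]!r}, expected {EICAR[pos]!r}")
    return problems


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_eicar.py testfile.com
    with open(sys.argv[1], "rb") as fh:
        issues = check_test_file(fh.read())
    print("OK: file starts with the test string" if not issues
          else "\n".join(issues))
    sys.exit(1 if issues else 0)
```

If your anti-virus software is working, it may block the script from reading the test file at all; that refusal is itself the detection you were looking for.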

You are encouraged to make use of this EICAR test file to test your anti-virus software, but please always remember... Anti-virus software is great and you absolutely MUST have it installed, but it is NOT infallible!

We are only trying to keep up with the virus creators and hackers..... I don't think we can ever be one step ahead of them.... rather the opposite!

No matter what software you have installed, these guys are constantly trying to overcome it, and they do.

Why?????  because they can.....