Test Antivirus Programs with the Eicar Test File

Did you know there was a way to test anti-virus/anti-malware applications to make sure they are working correctly? Well, there is. “Eicar” is a string of code which most antivirus applications detect as a virus, typically with an obvious name like EICAR-AV-Test. In the past, each antivirus vendor had their own test code to set off their product. However in recent years the Eicar test file has become somewhat of an industry standard and most major antivirus software will spot it. In this article, we’ll tell you what it can test and show you how to make a test file.


What Eicar Wont Do

First of all, lets clear up the fact that the Eicar test file will not test how comprehensive an antivirus product is with detecting viruses because most mainstream products have detection by default. Any antivirus software that doesn’t detect it doesn’t acknowledge the standard and wont detect it as a virus because as I mentioned earlier, it contains no virus code.

What Eicar Will Do

Eicar will test real-time/resident scanners to make sure they are activated and working properly. It will also partially test how good the real-time/resident scanner is. For example, McAfee antiviruses real-time scanner wont even let you save the test file. AVG Antivirus wont pick it up until its opened or scanned.

Ok, Lets Make a Test File

Copy and Paste the following line into a text file:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Now, save it with the file name eicar.com. Thats pretty much all you need to do to create a basic Eicar test file. However, we have provided some samples to test antivirus applications in a little more depth. You may need to deactivate your antivirus software to download this:

eicar.zip - Passworded archive so antivirus software doesn't block the download. Password is "technibble"

There are 3 files in this zip file:
eicar.com - Basic test file.
eicar_com.zip - Dont unzip. Tests whether the antivirus software scans within zip files.
eicarcom2.zip - Dont unzip. Tests whether the antivirus software will scan a zip file within zip file.

If you plan to carry the test file around on your USB memory stick with your computer repair tools, be sure to put eicar in a passworded archive. Otherwise, some clients antivirus software will detect and delete it off your USB drive. If its passworded, the antivirus cant see into the archive and therefor doesn't get deleted. Another option is to put it on a read only device such as a CD.

[warning]For some antivirus software, once the antivirus discovers the eicar test it may disallow access to the file because it quarantines it. Instructions for unlocking the file are antivirus brand specific, so you'll have to contact the vendor for steps of how to unlock it. However, in most cases if you just clear the quarantine area of your antivirus software, that usually fixes it.[/warning]



Bryce Whitty

About the Author

Bryce Whitty
More articles by me...
Bryce is an Australian computer technician and the founder of Technibble. He started his computer repair business when he was 17 years old and is still running it 9 years later. He is an avid traveller and spends at least a month of the year in another country.

Comments (17)

  • HA, very nice.. i tested out various AV applications, and i got some very surprising results.

    Good for me, as Kaspersky almost got set off, on each of the above scenario’s. It dint even let me save the code in a txt file.

    I feel much protected now :-)

  • DNA Networks says:

    Which AV program do you recommend?

    I’m currently using Symantec’s Corporate Edition in tandem with Zone Alarm Anti-Spam/Firewall.

    Zone Alarm has caught several things that Symantec did not so I’m wondering if I should explore others.

  • Vitiated says:

    This file is, IMHO, garbage. Think about it; all you would have to do is code an “anti-virus” program that detects this and you’re set. This is a VERY well-known file which, by itself, offers no other guarantee for the competence of AV software.

    The one useful aspect is to confirm that your virus program is actually working properly when you attempt to access it.

  • Bryce W says:

    Vitiated, I mentioned this exactly under “What Eicar Wont do” and “What Eicar Will do”.

  • Vitiated says:

    Guess I should have read rather than skimmed, eh?

  • Bryce W says:

    Hehe, we live in a bite-sized world now. With all our Diggs, Reddits and Slashdots to read. Skimming is the only way to get though it all :)

  • Not sure if it really is “independent”, objective or impartial… I’ll give it an interesting though…

    http://www.av-comparatives.org/

    On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, companies must fulfill various conditions and minimum requirements.

  • Mike says:

    WHAT! Nice – I’ve always wondered if there was away to test and see if any of these free software programs work. I’ve traditionally used AVG and have always had good success but now I can check software that my friends and family have and let them know if it’s good.

  • Administrator says:

    This article causes alot of fun on my computer. When I do my backups of Technibble, obviously these eicar test files come down with it. So, my computer is happily doing a virus scan and boom “OMG I FOUND A VIRUS!”. Gets kind of annoying since Eicar is in every backup since this article :)

  • Funny that you have those problems with backups. One thing I can defiantly use this for is to see if spyware has somehow disabled antivirus programs. If it detects this file then I know its working still. BTW this site is becoming my #1 resource.

  • zac says:

    OMG i have norton security suite 2008 and it didnt pick it up but my free ones did:
    avg free
    spybot search and destroy
    ad-aware free

  • Jon says:

    Malwarebytes is the best.

  • gowthaman says:

    hai i said avast and super anti spyware are the best solutions if spywares disable avast but super antispyware delete that change avast settings to get full protection.

  • gowthaman says:

    cool cool

  • gowthaman says:

    avast detect all links and just abourt the connuction so that webpages does not open.
    cool cool

  • What does that say about your Norton Antivirus Software??

  • Richard says:

    I look forward to checking this out. Did you update Norton before the scan? Was it still active? I downloaded an anti virus called Hitman Pro or something from here. Has anyone had success with it?