Did you know there was a way to test anti-virus/anti-malware applications to make sure they are working correctly? Well, there is. “Eicar” is a string of code which most antivirus applications detect as a virus, typically with an obvious name like EICAR-AV-Test. In the past, each antivirus vendor had their own test code to set off their product. However in recent years the Eicar test file has become somewhat of an industry standard and most major antivirus software will spot it. In this article, we’ll tell you what it can test and show you how to make a test file.
What Eicar Wont Do
First of all, lets clear up the fact that the Eicar test file will not test how comprehensive an antivirus product is with detecting viruses because most mainstream products have detection by default. Any antivirus software that doesn’t detect it doesn’t acknowledge the standard and wont detect it as a virus because as I mentioned earlier, it contains no virus code.
What Eicar Will Do
Eicar will test real-time/resident scanners to make sure they are activated and working properly. It will also partially test how good the real-time/resident scanner is. For example, McAfee antiviruses real-time scanner wont even let you save the test file. AVG Antivirus wont pick it up until its opened or scanned.
Ok, Lets Make a Test File
Copy and Paste the following line into a text file:
Now, save it with the file name eicar.com. Thats pretty much all you need to do to create a basic Eicar test file. However, we have provided some samples to test antivirus applications in a little more depth. You may need to deactivate your antivirus software to download this:
eicar.zip - Passworded archive so antivirus software doesn't block the download. Password is "technibble"
There are 3 files in this zip file:
eicar.com - Basic test file.
eicar_com.zip - Dont unzip. Tests whether the antivirus software scans within zip files.
eicarcom2.zip - Dont unzip. Tests whether the antivirus software will scan a zip file within zip file.
If you plan to carry the test file around on your USB memory stick with your computer repair tools, be sure to put eicar in a passworded archive. Otherwise, some clients antivirus software will detect and delete it off your USB drive. If its passworded, the antivirus cant see into the archive and therefor doesn't get deleted. Another option is to put it on a read only device such as a CD.
[warning]For some antivirus software, once the antivirus discovers the eicar test it may disallow access to the file because it quarantines it. Instructions for unlocking the file are antivirus brand specific, so you'll have to contact the vendor for steps of how to unlock it. However, in most cases if you just clear the quarantine area of your antivirus software, that usually fixes it.[/warning]