Testing the Anti-Virus

Testing the Anti-virus with EICAR file

The EICAR (European Institute for Computer Anti-Virus Research) test file helps to test performance of anti-virus programs that detect threats using signature analysis.

For this purpose, most of the anti-virus software vendors generally use a standard test.com program. This program was designed specially so that users could test reaction of newly-installed anti-virus tools to threat detection without compromising security of their computers. Although the test.com program is not actually malicious, it is treated by the majority of anti-viruses as if it were a threat. On detection of this file, Dr.Web reports the following: EICAR Test File (Not a Virus!). Other anti-virus tools alert users in a similar way.

The test.com program is a 68-byte COM-file that prints the following line on the console when executed: EICAR-STANDARD-ANTIVIRUS-TEST-FILE!

The test.com file contains the following character string only:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

To make your own test file with the “threat”, create a new file with this line and save it as test.com.

Note

When running in the Optimal mode, SpIDer Guard does not terminate execution of an EICAR test file and the file is not processed as malicious since it does not pose any actual threat to your system. However, if you copy or create such a file in your system, it will be detected by SpIDer Guard and moved to Quarantine by default.