Testing Product Operation

The EICAR (European Institute for Computer Anti-Virus Research) test helps testing operation of anti-virus programs that detect viruses using signatures. This test was designed specifically so that users could test reaction of an installed anti-virus to a threat without putting their computers at risk.

Although the EICAR test program is not actually malware, it is treated by the majority of anti-viruses as a virus. Dr.Web anti-virus products report the following upon detection of this “virus”: EICAR Test File (NOT a Virus!). Other anti-viruses alert users in a similar way. The EICAR test program is a 68-byte .com file for MS-DOS/Windows that outputs the following message to the console or to a terminal emulator screen when running:

The test program body contains only text characters that form the following string:

If you create a text file consisting of the string provided above, the resulting file will be the “virus” program.

If Dr.Web for UNIX Mail Servers operates correctly, this file must be detected during a file system scan regardless of the scan type and the user must be notified of the detected threat: EICAR Test File (NOT a Virus!).

An example of a command to test operation of Dr.Web for UNIX Mail Servers using the EICAR test program:

This command writes the string that represents the body of the EICAR test program to a file named testfile created in the current directory, scans the resulting file and removes this file afterwards.

If the test “virus” is detected, the following message is displayed:

If an error occurs during the test, refer to the description of known errors.