Testing Product Operation

The EICAR (European Institute for Computer Anti-Virus Research) test helps verify the operation of anti-virus programs that detect viruses using signatures. The test was designed so that users can check how a newly installed anti-virus tool reacts to a detected virus without compromising the security of their computers.

Although the EICAR test is not actually a virus, the majority of anti-virus programs treat it as if it were one. On detection of this “virus”, Dr.Web anti-virus products report the following: EICAR Test File (NOT a Virus!). Other anti-virus tools alert users in a similar way. The EICAR test file is a 68-byte COM-file for MS DOS/MS Windows that, when executed, prints the following line to the terminal screen or console emulator:

EICAR-STANDARD-ANTIVIRUS-TEST-FILE!

The EICAR test file consists solely of the following character string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

To create your own test file with the “virus”, create a new file containing the line above.

If Dr.Web for UNIX Mail Servers operates correctly, the test file is detected during a file system scan regardless of the scan type, and the user is notified of the detected threat: EICAR Test File (NOT a Virus!).

An example of a command that checks the operation of Dr.Web for UNIX Mail Servers with the EICAR test from the command line:

$ tail <opt_dir>/share/doc/drweb-se/readme.eicar | grep X5O > testfile && drweb-ctl rawscan testfile && rm testfile

This command extracts from the file <opt_dir>/share/doc/drweb-se/readme.eicar (supplied with Dr.Web for UNIX Mail Servers) the string that represents the body of the EICAR test file, writes it to a file named testfile in the current directory, scans the resulting file, and then removes it.

The test above requires write access to the current directory. In addition, make sure that the directory does not already contain a file named testfile (if necessary, change the file name in the command).

For details on conventions for <opt_dir>, <etc_dir>, and <var_dir>, refer to the Introduction.

If the test virus is detected, the following message is displayed:

<path to the current directory>/testfile - infected with EICAR Test File (NOT a Virus!)
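The same check as a reusable script, added here as an example and not part of the Dr.Web documentation: it writes the test string into a private temporary directory (so no existing testfile is touched), scans it, and checks the output for the message shown above. SCAN_CMD and the function names are assumptions introduced for this example; only drweb-ctl rawscan and the message text come from this page.

```shell
#!/bin/sh
# Added example: EICAR smoke test run in a private temporary directory.
# SCAN_CMD is a hypothetical override hook; the default is the page's drweb-ctl.

EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
EXPECTED='infected with EICAR Test File (NOT a Virus!)'

# Write the test string without a trailing newline and confirm the 68-byte size.
make_eicar() {
    printf '%s' "$EICAR" > "$1" || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 68 ]
}

# Succeed only if the scanner output reports this file as the EICAR test file.
# Matching on "/<file name> - <message>" tolerates a canonicalized directory path.
verdict_ok() {   # $1 = scanned path, $2 = captured scanner output
    printf '%s\n' "$2" | grep -F -q -- "/$(basename "$1") - $EXPECTED"
}

# Create, scan, verify, and clean up whatever the scanner's exit status was.
# Returns 0 on detection, 1 if the file was not reported, 2 on setup failure.
eicar_selftest() {
    dir=$(mktemp -d) || return 2
    file="$dir/testfile"
    if ! make_eicar "$file"; then rm -rf "$dir"; return 2; fi
    out=$(${SCAN_CMD:-drweb-ctl} rawscan "$file" 2>&1)
    rm -rf "$dir"
    if verdict_ok "$file" "$out"; then
        echo "PASS: $EXPECTED"
        return 0
    fi
    echo "FAIL: scanner output was: $out" >&2
    return 1
}
```

Source the file and call eicar_selftest; a non-zero return means the test file was not reported and the installation needs attention.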

If an error occurs during the test, refer to the description of known errors (see Appendix F. Known Errors).