Testing Product Operation

The EICAR (European Institute for Computer Anti-Virus Research) test helps testing performance of anti-virus programs that detect viruses using signatures. This test was designed specially so that users could test reaction of newly-installed anti-virus tools to detection of viruses without compromising security of their computers.

Although the EICAR, test is not actually a virus, it is treated by the majority of anti-viruses as if it were a virus. On detection of this “virus”, Dr.Web anti-virus products report the following: EICAR Test File (NOT a Virus!). Other anti-virus tools alert users in a similar way. The EICAR test file is a 68-byte COM-file for MS DOS/MS Windows that outputs the following line on the terminal screen or to the console emulator when executed:


The EICAR test contains the following character string only:


To create your own test file with the “virus”, you may create a new file with the line mentioned above.

If Dr.Web for UNIX Mail Servers operates correctly, the test file is detected during a file system scan regardless of the scan type and the user is notified on the detected threat: EICAR Test File (NOT a Virus!).

An example of a command that checks operation of Dr.Web for UNIX Mail Servers by means of EICAR test from the command line:

$ tail <opt_dir>/share/doc/drweb-se/readme.eicar | grep X5O > testfile && drweb-ctl rawscan testfile && rm testfile

This command sets off from the file <opt_dir>/share/doc/drweb-se/readme.eicar (supplied with Dr.Web for UNIX Mail Servers) a string that represents the body of the EICAR test file, then writes it into a file named testfile created in the current directory, then scans the resulting file and removes this file afterwards.

The above-mentioned test requires write access to the current directory. In addition, make sure that it does not contain a file named testfile (if necessary, change the file name in the command).


For details on conventions for <opt_dir>, <etc_dir>, and <var_dir>, refer to the Introduction.

If a test virus is detected, the following message is displayed:

<path to the current directory>/testfile - infected with EICAR Test File (NOT a Virus!)

If an error occurs during the test, refer to the description of known errors (see Appendix F. Known Errors).