WARNING only authorized MIS staff should test antivirus software in this way as it may violate your company’s acceptable useage rules.
Antivirus Test File
Are your anti-virus programs working. Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. Such a test will give meaningful results, but with unappealing, unacceptable risks. You may have been lucky? enough to be sent a real virus and not had a disaster. However, you should test and there is a way to test without introducing a real virus.
EICAR Standard Antivirus Test File
The (European Institute of Computer Anti-virus Research), along with antivirus vendors, has developed this test file to assist users in testing their installations of antivirus software. It is recommended that vendors detect this file, but some may not.
This is NOT A VIRUS. The file is a test file which may be used to test antivirus software. The code is harmless and when detected properly the virus scanner will display the following message: EICAR-TEST-FILE
A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus.
Agreeing on one file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore.
This test file has been provided to for distribution as the “ Standard Anti-Virus Test File". It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test"). The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE").
It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product which supports the test file should "detect" it in any file which starts with the following 68 characters:
To keep things simple, the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.
Important note: FirstNetSecurity cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. You download these files at your own risk. Download these files only if you are sufficiently secure in the usage of your AV scanner. Please contact the manufacturer/vendor of your AV scanner to provide such help.
eicar.com This file contains the ASCII string as described above.
eicar.com.txt This file is a copy of eicar.com with a different filename. Some users reported problems when downloading the first file, which can be circumvented when using the second version. Just download and rename the file to "eicar.com".
eicar_com.zip This version contains the test file inside a zip archive. A good anti-virus scanner will spot a 'virus' inside an archive
eicarcom2.zip The last version is a zip archive containing the previous zip archive. This file can be used to see whether the virus scanner checks archives more than only one level deep.
Once downloaded run your AV scanner. It should detect at least the file "eicar.com". Good scanners will detect the 'virus' in the single zip archive and may be even in the double zip archive. Once detected the scanner might not allow you any access to the file(s) anymore. You might not even be allowed by the scanner to delete these files. This is caused by the scanner which puts the file into quarantine. The test file will be treated just like any other real virus infected file. Read the user's manual of your AV scanner what to do or contact the vendor/manufacturer of your AV scanner.