testing antivirus scanner software.

EICAR Standard Anti-Virus Test File

Recently a customer was testing antivirus scanning software, both on trafic and on servers/clients. This had to be tested on several environments, including production and really didnt want to use a real infected file. The following showed up, didn’t know about it, chances are there are others that doesnt know about this.

“The EICAR Standard Anti-Virus Test File or EICAR test file is a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO), to test the response of computer antivirus (AV) programs. Instead of using real malware, which could do real damage, this test file allows people to test anti-virus software without having to use a real computer virus.

Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file even when they are correctly configured.

The use of the EICAR test string can be more versatile than straightforward detection: a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.”

EICAR test file – Wikipedia, the free encyclopedia

Steps to use it:
Create a .txt file on your drive, open your AV scanner software and create an exclusion on this file and location. Update the contents of the file with the referenced. Scanner software will not quarentine it with that name and location, however anywhere you move it, it should be detected and removed.