EICAR test file

From Wikipedia, the free encyclopedia

The EICAR test file is a file, developed by the EICAR, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.

A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found genuinely harmful code. Its use can be more versatile than straightforward detection: for example, a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.

The file is simply a text file of either 68 or 70 bytes that is also a legitimate executable file, called a COM file, that can be run by Microsoft operating systems and some work-alikes, including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and stop. The test string was specifically engineered to consist of human-readable ASCII characters, easily created using a standard computer keyboard.

The EICAR test string reads:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Notes:

  • The third character in the string is the capital letter O, not a zero.
  • Although the string itself is 68 bytes in length, some text editors add an extra blank line to the end of the file, increasing the size to 70 bytes. This does not affect its functionality.
  • "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" can be replaced with any other 35-lettered message of your choice.
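The following Python sketch is an added example, not part of the original article. It builds the 68-byte file, the 70-byte variant and a ZIP archive containing the test file entirely in memory, and checks archive members for a conforming test file. The member name `eicar.com`, the function names, and the choice of CR LF as the editor-added blank line are assumptions.

```python
import io
import zipfile

# The 68-byte test string exactly as printed above (third character is the letter O).
# A raw bytes literal keeps the backslash as a single literal byte.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def is_test_file(data: bytes) -> bool:
    """True for the 68-byte string or the 70-byte form with a trailing line ending.

    Assumption: the extra blank line a text editor adds is CR LF (2 bytes).
    """
    return data == EICAR or data == EICAR + b"\r\n"


def build_fixtures() -> dict[str, bytes]:
    """Return in-memory fixtures: plain file, 70-byte variant, ZIP holding the plain file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", EICAR)  # hypothetical member name
    return {
        "eicar.com": EICAR,
        "eicar_crlf.com": EICAR + b"\r\n",
        "eicar.zip": buf.getvalue(),
    }


def find_in_zip(archive: bytes) -> list[str]:
    """Names of archive members whose decompressed content is a conforming test file."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [name for name in zf.namelist() if is_test_file(zf.read(name))]


if __name__ == "__main__":
    fixtures = build_fixtures()
    for name, blob in fixtures.items():
        print(f"{name}: {len(blob)} bytes")
    print("members flagged inside eicar.zip:", find_in_zip(fixtures["eicar.zip"]))
```

Writing any of these fixtures to a path watched by an antivirus product should produce the same response the article describes for the plain file; the archive fixture exercises the scanner's handling of compressed content.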

See also

GTUBE - a similar test for UBE (e-mail spam)
