The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.
AV programmers set the EICAR string as a verified virus like any other signatures. A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found genuinely harmful code. Its use can be more versatile than straightforward detection: a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.
Contents |
Some antivirus programs no longer search for or identify the EICAR test file.
The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations), including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stop. The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.
The EICAR test string reads:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*[1]
|
|||||||||||||||||