Tuesday, August 02, 2005

What is EICAR test file and how to create it?

EICAR is a standard anti virus test file. This is a "dummy" virus which can be used to test a Virus scanner. This can be used to test whether the background (or real-time) scanner of an Antivirus is working properly or not.

EICAR stands for European Institute of Computer Antivirus Research. This file has .COM extension; all it does when executed is display the text "EICAR-STANDARD-ANTIVIRUS-TEST-FILE" and exit.

This file can be downloaded from Eicar website. But, you can create the EICAR file by yourself by using a text editor like NotePad. The file should be saved in standard MS-DOS ASCII format. Open NotePad, and copy the below mentioned text and paste it in NotePad:-

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Then go to File Menu and click Save As and save the file with any name, but it should have the extension COM. For example, you can save it as Eicar.com.

When you double-click on this file, your Antivirus should detect as “Eicar” and it should also inform you that it’s not a virus.

2 Comments:

Blogger Q_And_Not_U said...

Swatkat- this is great stuff. Keep it up.
BTW, what do you think about the current crop of AV products...

7:49 AM  
Blogger swatkat said...

thanks :)

3:21 AM  

Post a Comment

<< Home