EICAR test file

EICAR test file

The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.

A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found genuinely harmful code. Its use can be more versatile than straightforward detection - for example, a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.

The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can run by Microsoft operating systems and some work-alikes, including OS/2. When executed, will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and stop. The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.

The Eicar test string reads: X5O!P%@AP [4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

It can be created by using notepad and save as .com extension. Or download via [http://www.eicar.org Website of EICAR] .

Notes:
*The third character in the string is the capital letter O, not a zero.
*Although the string itself is 68 bytes in length, some text editors add an extra blank line (CR+LF) to the end of the file, increasing the size to 70 bytes. This does not affect its functionality.

ee also

* GTUBE - a similar test for unsolicited bulk email (e-mail spam)

External links

* [http://www.eicar.org/anti_virus_test_file.htm The Anti-Virus test file] (EICAR)
* [http://www.eicartest.com/ The Anti-Virus test file (EICAR)] (mirror)
* [http://mirror.href.com/thestarman/asm/eicar/eicarcom.html Assembly-language analysis of the EICAR test file]
* [http://archives.neohapsis.com/archives/ntbugtraq/2003-q3/0015.html Let's have fun with EICAR test file]
* [http://kingofgng.com/eng/2008/07/28/eicar-test-file-antimalware-testing-with-no-collateral-damages/ EICAR test file, antimalware testing with no collateral damages]


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • EICAR-Test-File — EICAR (или EICAR Test File  от European Institute for Computer Antivirus Research)  стандартный файл, применяемый для проверки, работает ли антивирус. По сути вирусом не является; будучи запущенным как COM файл DOS, всего лишь выводит… …   Википедия

  • EICAR — may refer also to the Ecole Internationale de Creation Audiovisuelle et de Réalisation, an international film school in Paris. EICAR, the European Institute for Computer Antivirus Research, was founded in 1990 as an organization aiming to further …   Wikipedia

  • EICAR-Testdatei — Meldung der Eicar Testdatei bei der Ausführung Die EICAR Testdatei (Eigenbezeichnung: THE ANTI VIRUS OR ANTI MALWARE TEST FILE) ist ein vom European Institute for Computer Antivirus Research (EICAR) entwickeltes Testmuster, mit dessen Hilfe die… …   Deutsch Wikipedia

  • Eicar-Testdatei — Meldung der Eicar Testdatei bei der Ausführung Die EICAR Testdatei (Englisch „Eicar test file“ ) ist ein von der European Expert Group for IT Security EICAR entwickeltes Testmuster, mit dessen Hilfe die Funktion von Antivirenprogrammen getestet… …   Deutsch Wikipedia

  • EICAR — Saltar a navegación, búsqueda La prueba EICAR consiste en un archivo que sirve para comprobar la eficacia de los programas antivirus. La ventaja que tiene sobre otras comprobaciones es que el equipo queda libre de riesgos. Se trata de un… …   Wikipedia Español

  • Fichier De Test Eicar — Pour les articles homonymes, voir EICAR. Cet article fait partie de la série Programmes malveillants …   Wikipédia en Français

  • Fichier de test eicar — Pour les articles homonymes, voir EICAR. Cet article fait partie de la série Programmes malveillants …   Wikipédia en Français

  • Fichier de test Eicar — Pour les articles homonymes, voir EICAR. Le fichier de test Eicar est une chaîne de caractères, écrite dans un fichier informatique, destiné à tester le bon fonctionnement des logiciels antivirus. En anglais, il est dénommé « Anti Virus test …   Wikipédia en Français

  • CARO — (Computer AntiVirus Researcher s Organization) is an informal group of individuals who have been working together since around 1990 across corporate and academic borders to study the whole of computer malware. CARO essentially superseded other… …   Wikipedia

  • SpamAssassin — Infobox Software name = SpamAssassin caption = E mail recognized as spam by SpamAssassin, here in the Novell Evolution email client. collapsible = yes developer = Apache Software Foundation [http://cvs.apache.org/viewcvs.cgi/spamassassin/trunk/CRE… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”