Menu
Home Explore People Places Arts History Plants & Animals Science Life & Culture Technology
On this page
EICAR test file
Computer file to test antivirus software

The EICAR Anti-Virus Test File, created by the European Institute for Computer Antivirus Research and the Computer Antivirus Research Organization, is a harmless file designed to test antivirus software without using real computer viruses. Antivirus programs recognize the EICAR string as a verified virus signature, triggering a response similar to detecting genuine malware, though detection methods can vary among scanners. The test file can also be compressed or archived to assess antivirus capabilities with compressed files. Many AMTSO Feature Settings Checks utilize the EICAR test string to evaluate antivirus effectiveness safely and reliably without risking real infections.

We don't have any images related to EICAR test file yet.
We don't have any YouTube videos related to EICAR test file yet.
We don't have any PDF documents related to EICAR test file yet.
We don't have any Books related to EICAR test file yet.

Design

The file is a text file of between 68 and 128 bytes7 that is a legitimate .com executable file (plain x86 machine code) that can be run by MS-DOS, some work-alikes, and its successors OS/2 and Windows (except for 64-bit due to 16-bit limitations). The EICAR test file will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" when executed and then will stop. The test string was written by anti-virus researchers Padgett Peterson and Paul Ducklin and engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard.8 It makes use of self-modifying code to work around technical issues that this constraint imposes on the execution of the test string.9

The EICAR test string10 reads11

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The third character is the capital 'O' in the Latin alphabet, not the digit zero.

Adoption

According to EICAR's specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string.12 The test file can still be used for some malicious purposes, exploiting the reaction from the antivirus software. For example, a race condition involving symlinks can cause antiviruses to delete themselves.13

See also

References

  1. "Is Your Antivirus Working?". PCMAG. Retrieved 17 April 2017. http://securitywatch.pcmag.com/security-software/312184-is-your-antivirus-working

  2. Hay, Richard (12 September 2016). "How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios". IT Pro Today. Retrieved 3 July 2019. https://www.itprotoday.com/windows-server/how-test-smartscreen-filter-and-windows-defender-detection-scenarios

  3. Hess, Ken. "360 Total Security Anti-virus first impressions: Refreshingly subtle but thorough". ZDNet. Retrieved 17 April 2017. https://www.zdnet.com/article/360-total-security-anti-virus-first-impressions/

  4. "The Use and Misuse of Test Files in Anti-Malware Testing" (PDF). AMTSO. 24 February 2012. Retrieved 3 July 2019. https://www.amtso.org/wp-content/uploads/2018/05/AMTSO-Use-and-Misuse-of-Test-Files-in-Anti-Malware-Testing-FINAL.pdf

  5. "AMTSO Security Features Check Tools". AMTSO. https://www.amtso.org/security-features-check/

  6. "AMTSO Security Features Check Tools". AMTSO. https://www.amtso.org/security-features-check/

  7. Willems, Eddy (June 2003). "The Winds of Change: Updates to the EICAR Test File" (PDF). Virus Bulletin. https://www.virusbulletin.com/uploads/pdf/magazine/2003/200306.pdf

  8. Willems, Eddy. "EICAR's Test File History" (PDF). Eicar – European Expert Group for IT–Security. Archived from the original (PDF) on 16 December 2015. Retrieved 9 May 2020. https://web.archive.org/web/20151216140407/https://www.eicar.org/files/01_-_eicar_test_file_history.pdf

  9. "Anatomy of the EICAR Antivirus Test File". NinTechNet's updates and security announcements. 26 August 2021. https://blog.nintechnet.com/anatomy-of-the-eicar-antivirus-test-file/

  10. "EICAR-STANDARD-ANTIVIRUS-TEST-FILE". Retrieved 21 July 2019. https://secure.eicar.org/eicar.com.txt

  11. "Virus Profile: EICAR test file". McAfee. Archived from the original on 5 February 2009. Retrieved 9 May 2020. https://web.archive.org/web/20090205210908/https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=98616

  12. "Download Anti Malware Testfile – Eicar" (in German). Archived from the original on 28 April 2022. Retrieved 22 September 2020. https://web.archive.org/web/20220428213743/https://www.eicar.org/?page_id=3950

  13. "Exploiting (Almost) Every Antivirus Software – RACK911 Labs". https://rack911labs.ca/research/exploiting-almost-every-antivirus-software/