EICAR test file
The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.
AV programmers include the EICAR string in their products as a verified virus signature, like any other signature. A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it had found genuinely harmful code. The file can be used for more than straightforward detection: a file containing the EICAR test string can be compressed or archived, and the antivirus software can then be run to see whether it detects the test string inside the compressed file.
Problems
Some antivirus programs no longer search for or identify the EICAR test file.[citation needed]
Design
The file is a text file of either 68 or 70 bytes that is also a legitimate executable, a COM file, which can be run by Microsoft operating systems and some work-alikes, including OS/2 (except for 64-bit versions, due to 16-bit limitations). When executed, it prints "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stops. The test string was specifically engineered to consist only of human-readable ASCII characters that are easily typed on a standard computer keyboard. It uses self-modifying code to work around the technical restrictions that this constraint imposes on executing the test string.
The EICAR test string reads:[1]
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
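The archive test described earlier and the 68-byte and 70-byte sizes given in this section can be reproduced with a short script. This is an added example, not part of the original article or of EICAR's own material; the file names are hypothetical, and the 70-byte variant is assumed to be the 68-byte string followed by a CR LF line ending.

```python
import gzip
import io
import zipfile

# The 68-byte string from the article, assembled from two pieces so that a
# resident scanner does not quarantine this script before it can run.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def zip_wrap(name: str, payload: bytes) -> bytes:
    """Return a ZIP archive (as bytes) holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_samples() -> dict:
    """Map hypothetical file names to test-file variants of increasing depth."""
    inner = zip_wrap("eicar.com", EICAR)
    return {
        "eicar.com": EICAR,                       # 68 bytes
        "eicar_crlf.com": EICAR + b"\r\n",        # 70 bytes (assumed CR LF)
        "eicar.zip": inner,                       # one archive layer
        "eicar_nested.zip": zip_wrap("eicar.zip", inner),  # two layers
        "eicar.com.gz": gzip.compress(EICAR),     # plain compression
    }


def unwrap(data: bytes, max_depth: int = 4) -> bytes:
    """Peel gzip/ZIP layers the way an archive-aware scanner has to."""
    for _ in range(max_depth):
        if data[:2] == b"\x1f\x8b":               # gzip magic
            data = gzip.decompress(data)
        elif data[:4] == b"PK\x03\x04":           # ZIP local file header
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                data = zf.read(zf.namelist()[0])
        else:
            break
    return data


if __name__ == "__main__":
    for name, blob in build_samples().items():
        found = unwrap(blob).rstrip(b"\r\n") == EICAR
        print(f"{name:18} {len(blob):4d} bytes  recoverable={found}")
```

Writing each variant into a directory covered by the scanner and noting which ones are flagged shows how many archive layers the product actually inspects.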
See also
- GTUBE - a similar test for unsolicited bulk email (e-mail spam)
External links
- Official Site of the European Institute For Computer Antivirus Research (also known as the European Expert Group for IT-Security)
- Assembly-language analysis of the EICAR test file
- Let's have fun with EICAR test file — detailed information and assembly analysis