EICAR test file: Difference between revisions

From Wikipedia, the free encyclopedia
R-athrill (talk | contribs)
Undid revision 756700527 by 59.144.135.7 (talk)
Ch.th (talk | contribs)
Citations provided from Google News Sources
Line 1: Line 1:
The '''EICAR Standard Anti-Virus Test File'''<ref>{{Cite news|url=http://securitywatch.pcmag.com/security-software/312184-is-your-antivirus-working|title=Is Your Antivirus Working?|work=PCMAG|access-date=2017-04-17|language=en}}</ref> or '''EICAR test file''' is a computer file that was developed by the [[EICAR|European Institute for Computer Antivirus Research]] (EICAR) and [[CARO|Computer Antivirus Research Organization]] (CARO), to test the response of computer [[antivirus]] (AV) programs<ref>{{Cite web|url=http://winsupersite.com/windows-10/how-test-smartscreen-filter-and-windows-defender-detection-scenarios|title=How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios|website=winsupersite.com|language=en|access-date=2017-04-17}}</ref>. Instead of using real malware, which could do real damage, this test file allows people to test anti-virus software without having to use a real [[computer virus]]<ref>{{Cite news|url=http://www.zdnet.com/article/360-total-security-anti-virus-first-impressions/|title=360 Total Security Anti-virus first impressions: Refreshingly subtle but thorough {{!}} ZDNet|last=Hess|first=Ken|work=ZDNet|access-date=2017-04-17|language=en}}</ref>.
{{Refimprove|date=September 2011}}
The '''EICAR Standard Anti-Virus Test File''' or '''EICAR test file''' is a computer file that was developed by the [[EICAR|European Institute for Computer Antivirus Research]] (EICAR) and [[CARO|Computer Antivirus Research Organization]] (CARO), to test the response of computer [[antivirus]] (AV) programs. Instead of using real malware, which could do real damage, this test file allows people to test anti-virus software without having to use a real [[computer virus]].


Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file even when they are correctly configured.
Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file even when they are correctly configured.
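Review bot: the three new references in the lead are placed before the full stops (`programs<ref>…</ref>.`, `[[computer virus]]<ref>…</ref>.`); move each `<ref>` to follow its period. The revision also appears to drop `{{Refimprove|date=September 2011}}`, yet the second paragraph in this hunk ("Not all virus scanners are compliant...") still has no source, so either keep the tag or cite that paragraph as well.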
Line 9: Line 8:
The file is a [[text file]] of between 68 and 128 [[byte]]s <ref>[https://www.virusbtn.com/pdf/magazine/2003/200306.pdf Eddy Willems, “The Winds of Change: Updates to the EICAR Test File”, Virus Bulletin June 2003]</ref> that is a legitimate [[executable]] file called a [[COM file]] that can be run by [[MS-DOS]], some work-alikes, and its successors [[OS/2]] and [[Windows]] (except for 64-bit due to 16-bit limitations). When executed, the EICAR test file will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then will stop. The test string was [[Alphanumeric code|engineered]] to consist of [[ASCII]] human-readable characters, easily created using a standard computer keyboard. It makes use of [[self-modifying code]] to work around technical issues that this constraint imposes on the execution of the test string.
The file is a [[text file]] of between 68 and 128 [[byte]]s <ref>[https://www.virusbtn.com/pdf/magazine/2003/200306.pdf Eddy Willems, “The Winds of Change: Updates to the EICAR Test File”, Virus Bulletin June 2003]</ref> that is a legitimate [[executable]] file called a [[COM file]] that can be run by [[MS-DOS]], some work-alikes, and its successors [[OS/2]] and [[Windows]] (except for 64-bit due to 16-bit limitations). When executed, the EICAR test file will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then will stop. The test string was [[Alphanumeric code|engineered]] to consist of [[ASCII]] human-readable characters, easily created using a standard computer keyboard. It makes use of [[self-modifying code]] to work around technical issues that this constraint imposes on the execution of the test string.


The EICAR test string<ref>[https://secure.eicar.org/eicar.com.txt https://secure.eicar.org/eicar.com.txt]</ref> reads:
The EICAR test string<ref>[https://secure.eicar.org/eicar.com.txt https://secure.eicar.org/eicar.com.txt]</ref> reads<ref>{{Cite web|url=https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=98616|title=EICAR test file {{!}} Virus Profile & Definition {{!}} McAfee Inc.|website=home.mcafee.com|language=en|access-date=2017-04-17}}</ref>:


{{EICAR test file}}
{{EICAR test file}}
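Review bot: the added McAfee citation is attached to "reads" directly after the existing eicar.org reference and before the colon, so the sentence now carries two footnotes for the same string, one of them mid-clause. Place the `<ref>` after the colon, or attach it to a statement that the vendor page supports and the primary source does not.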

Revision as of 14:06, 17 April 2017

The EICAR Standard Anti-Virus Test File[1] or EICAR test file is a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and the Computer Antivirus Research Organization (CARO) to test the response of computer antivirus (AV) programs.[2] It allows people to test anti-virus software without having to use a real computer virus, which could do real damage.[3]

Anti-virus programmers treat the EICAR string as a verified virus, in the same way as other identified signatures. A compliant virus scanner that detects the file responds in exactly the same manner as if it had found a harmful virus. Not all virus scanners are compliant, and a non-compliant scanner may not detect the file even when it is correctly configured.

The use of the EICAR test string can be more versatile than straightforward detection: a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.

Design

The file is a text file of between 68 and 128 bytes[4] that is also a legitimate executable, a COM file, which can be run by MS-DOS, some work-alikes, and its successors OS/2 and Windows (except 64-bit versions, because of 16-bit limitations). When executed, the EICAR test file prints "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stops. The test string was engineered to consist only of human-readable ASCII characters that are easily typed on a standard computer keyboard. It uses self-modifying code to work around the technical issues that this constraint imposes on the execution of the test string.

The EICAR test string[5] reads[6]:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
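The following added example (not part of the original article) ties together the 68-to-128-byte rule and the archive test described above: it validates a candidate test file, builds a constructed set of plain, padded, gzip, zip and zip-in-zip samples to feed a scanner, and includes a small reference unpacker for comparison. The permitted trailing bytes (space, tab, LF, CR, Ctrl-Z) come from EICAR's published definition rather than from this page, and all function and file names are hypothetical.

```python
import gzip
import io
import zipfile

# The 68-byte test string exactly as printed on this page.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Assumption from EICAR's definition: only these bytes may follow the string.
ALLOWED_PADDING = b" \t\n\r\x1a"


def is_eicar_test_file(data: bytes) -> bool:
    """True if data starts with the string, is at most 128 bytes, and is padded legally."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_PADDING for b in data[len(EICAR):])


def zip_wrap(name: str, payload: bytes) -> bytes:
    """Return a deflate-compressed zip archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_test_set() -> dict:
    """Constructed samples for checking how deep a scanner looks."""
    inner = zip_wrap("eicar.com", EICAR)
    return {
        "eicar.com": EICAR,
        "eicar_padded.com": EICAR + b"\r\n\x1a",
        "eicar.com.gz": gzip.compress(EICAR),
        "eicar.zip": inner,
        "eicar_nested.zip": zip_wrap("eicar.zip", inner),
    }


def contains_eicar(data: bytes, depth: int = 3) -> bool:
    """Reference unpacker: is a compliant test file present within `depth` layers?"""
    if is_eicar_test_file(data):
        return True
    if depth == 0:
        return False
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        return contains_eicar(gzip.decompress(data), depth - 1)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(contains_eicar(zf.read(n), depth - 1) for n in zf.namelist())
    return False
```

Write each sample from `build_test_set()` to a scratch directory and compare the scanner's verdicts with `contains_eicar`; a scanner that flags `eicar.zip` but not `eicar_nested.zip` is limiting its archive recursion depth.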

References

  1. "Is Your Antivirus Working?". PCMAG. Retrieved 2017-04-17.
  2. "How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios". winsupersite.com. Retrieved 2017-04-17.
  3. Hess, Ken. "360 Total Security Anti-virus first impressions: Refreshingly subtle but thorough | ZDNet". ZDNet. Retrieved 2017-04-17.
  4. Eddy Willems, "The Winds of Change: Updates to the EICAR Test File", Virus Bulletin, June 2003.
  5. https://secure.eicar.org/eicar.com.txt
  6. "EICAR test file | Virus Profile & Definition | McAfee Inc". home.mcafee.com. Retrieved 2017-04-17.