06 December 2011

EICAR - Test Your Anti-Virus



The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.

AV programmers set the EICAR string as a verified virus like any other signatures. A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found genuinely harmful code. Its use can be more versatile than straightforward detection: a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.
The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations), including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stop. The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.

Source

Guide written by softwarescrackerz


EICAR file basically is a fake virus which is design to test whether an Anti-Virus is working normally as it should be on your system or not. Do not worry if in any case that your Anti-Virus failed to detect it (EICAR file) as virus because it will not do any harm to your system if it doesn't. In the scenario that if your Anti-Virus failed to detect EICAR file as thread (virus), you should really be worry because there must be something wrong with either your Anti-Virus or your system setting. Here are some factor that (might) lead to this problem and some safety measure to be taken:

-Anti-Virus are badly configured. Go to the official site of your Anti-Virus and get some support there. You might also try re-install or change your Anti-Virus software to another one as it might not be compatible to your current system.

-Your system is infected. Do a full system scan with various Anti-Virus tool/software. If problem persist, the final solution would be to reformat your system.

Setup

Here how you create the EICAR test file.

1. Launch notepad.
2. Copy the following code and paste it to the notepad


X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

3. Save the file as "All Files" and name it as "EICAR.com" (without quotation)

4. Run it and it should be detected as thread by your Anti-Virus.

Leave a reply here if there any inquiry.

Reactions:

0 comments:

Post a Comment