Testing the Operation of the Product
The EICAR (European Institute for Computer Anti-Virus Research) test helps test the performance of anti-virus programs that detect viruses using signatures. The test was designed so that users can check how a newly installed anti-virus tool reacts to a detected virus without compromising the security of their computers. Although the EICAR test is not actually a virus, most anti-virus products treat it as if it were one. On detection of this “virus”, Dr.Web anti-virus products report the following: . Other anti-virus tools alert users in a similar way. The test file is a 68-byte COM-file for / that outputs the following line on the console when executed:
The EICAR test contains the following character string only:
To create your own test file with the “virus”, create a new file that contains the line mentioned above. If Dr.Web for UNIX Internet Gateways operates correctly, the test file is detected during a file system scan regardless of the scan type, and the user is notified of the detected threat: . An example of a command that checks the operation of the program from the command line by means of the test:
From the file <opt_dir>/share/doc/drweb-common/readme.eicar (supplied with the product), this command retrieves the string that represents the body of the test file, writes it to the file testfile in the current directory, checks the resulting file, and then removes the created file.
If a test virus is detected, the following message is displayed:
If an error occurs during the test, refer to the description of known errors (see Appendix F. Known Errors).
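A test file created by hand can go undetected for reasons unrelated to the scanner, for example when an editor prepends a byte order mark or extra text follows the string. The Python check below is an added example, not part of the Dr.Web documentation. It applies EICAR's published definition of a valid test file (the 68-byte string first, then only space, tab, LF, CR or Ctrl-Z, at most 128 bytes in total); that a particular scanner enforces exactly this definition is an assumption, and `check_test_file` and the sample inputs are constructed for illustration.

```python
# The standard 68-byte EICAR test string, assembled from two pieces so that
# this script is not itself reported by an on-access scanner.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")
# Trailing bytes that EICAR's definition permits: space, tab, LF, CR, Ctrl-Z.
ALLOWED_PADDING = b" \t\n\r\x1a"
MAX_LEN = 128


def check_test_file(data: bytes) -> list[str]:
    """Return the reasons `data` is not a valid test file (empty list = valid)."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte order mark")
    if not data.startswith(EICAR):
        pos = data.find(EICAR)
        if pos > 0:
            problems.append(f"{pos} byte(s) precede the test string")
        else:
            problems.append("the 68-byte test string is missing or altered")
        return problems
    # The string is in place; everything after it must be permitted padding.
    extra = data[len(EICAR):]
    bad = sorted(set(extra) - set(ALLOWED_PADDING))
    if bad:
        listed = ", ".join(f"0x{b:02x}" for b in bad)
        problems.append("disallowed trailing bytes: " + listed)
    if len(data) > MAX_LEN:
        problems.append(f"file is {len(data)} bytes; the limit is {MAX_LEN}")
    return problems


if __name__ == "__main__":
    # Constructed samples: typical results of creating the file by hand.
    samples = {
        "exact 68 bytes": EICAR,
        "written with echo (adds LF)": EICAR + b"\n",
        "saved by an editor that adds a BOM": b"\xef\xbb\xbf" + EICAR + b"\r\n",
        "text typed after the string": EICAR + b" test",
    }
    for name, data in samples.items():
        print(f"{name}: {check_test_file(data) or 'valid'}")
```

To check a real file, pass its contents read in binary mode, since text mode would hide a byte order mark or a changed line ending.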