Testing Product Operation
The EICAR (European Institute for Computer Anti-Virus Research) test helps verify the operation of anti-virus programs that detect viruses using signatures. The test was designed specifically so that users can check how an installed anti-virus reacts to a threat without putting their computers at risk.

Although the EICAR test program is not actually malware, the majority of anti-viruses treat it as a virus. Dr.Web anti-virus products report the following upon detection of this “virus”: EICAR Test File (NOT a Virus!). Other anti-viruses alert users in a similar way.

The EICAR test program is a 68-byte .com file for MS-DOS/Windows that outputs the following message to the console or to a terminal emulator screen when run:
The test program body contains only text characters that form the following string:
If you create a text file consisting of the string provided above, the resulting file will be the “virus” program. If Dr.Web for Linux operates correctly, this file must be detected during a file system scan regardless of the scan type, and the user must be notified of the detected threat: EICAR Test File (NOT a Virus!).

An example of a command to test the operation of Dr.Web for Linux using the EICAR test program:
This command writes the string that represents the body of the EICAR test program to a file named testfile created in the current directory, scans the resulting file, and removes the file afterwards.
If the test “virus” is detected, the following message is displayed:
If an error occurs during the test, refer to the description of known errors.
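The write, scan and remove procedure described above, as an added example that is not Dr.Web's own command: it also checks that the file really is 68 bytes of text characters before scanning, so a mangled test file is not mistaken for a scanner failure. The test string is the publicly documented EICAR standard string, the function names are hypothetical, and the scanner command is whatever you pass as arguments.

```bash
#!/bin/sh
# Added example (not from the Dr.Web documentation).
# Publicly documented EICAR standard test string, 68 text characters.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the string to $1 with no trailing newline (echo would add a 69th byte).
make_eicar() {
    printf '%s' "$EICAR" > "$1"
}

# Succeed only if $1 is exactly 68 bytes and every byte is printable ASCII.
check_eicar() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 68 ] || return 1
    # Delete all printable characters; anything left over is a stray byte.
    [ "$(LC_ALL=C tr -d ' -~' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# Usage: eicar_selftest <scanner command...>
# Creates the file in a private temporary directory, verifies it, runs the
# scanner command with the file path appended, then removes the directory
# whatever the scanner returned. Returns 2 if the file could not be prepared
# (for example, an on-access monitor removed it first), otherwise the
# scanner's own exit status; what that status means depends on the scanner.
eicar_selftest() {
    eicar_dir=$(mktemp -d) || return 2
    eicar_file="$eicar_dir/testfile"
    if ! make_eicar "$eicar_file" || ! check_eicar "$eicar_file"; then
        rm -rf "$eicar_dir"
        return 2
    fi
    eicar_rc=0
    "$@" "$eicar_file" || eicar_rc=$?
    rm -rf "$eicar_dir"
    return "$eicar_rc"
}

# When run as a script with arguments, treat them as the scanner command.
if [ "$#" -gt 0 ]; then
    eicar_selftest "$@"
fi
```

Pass the scanner's command-line scan command as the arguments and read its report for the detection name, which for Dr.Web products is EICAR Test File (NOT a Virus!).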