The EICAR (European Institute for Computer Anti-Virus Research) Test File helps testing performance of anti-virus programs that detect viruses using signatures.
For this purpose, most of the anti-virus software vendors generally use a standard test.com program. This program was designed specially so that users could test reaction of newly-installed anti-virus tools to detection of viruses without compromising security of their computers. Although the test.com program is not actually a virus, it is treated by the majority of anti-viruses as if it were a virus. On detection of this "virus", Dr.Web Anti-virus Solutions reports the following: EICAR Test File (Not a Virus!). Other anti-virus tools alert users in a similar way.
The test.com program is a 68-byte COM-file that prints the following line on the console when executed: EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
The test.com file contains the following character string only:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
To create your own test file with the "virus", you may create a new file with this line and save it with as test.com.
|
When you attempt to execute an EICAR file while SpIDer Guard is running in the optimal mode, the operation is not terminated and the file is not processed as malicious since it does not pose any actual threat to your system. However, if you copy or create such a file in your system, then it is detected by SpIDer Guard and moved to Quarantine by default. |
