Testing the Anti-Virus
Testing the Anti-virus with EICAR file

The EICAR (European Institute for Computer Anti-Virus Research) test file helps to test the performance of anti-virus programs that detect viruses using signature analysis. For this purpose, most anti-virus software vendors generally use a standard test.com program. This program was designed so that users can test how a newly installed anti-virus tool reacts to virus detection without compromising the security of their computers. Although the test.com program is not actually a virus, the majority of anti-viruses treat it as if it were one. On detection of this file, Dr.Web reports the following: EICAR Test File (Not a Virus!). Other anti-virus tools alert users in a similar way.

The test.com program is a 68-byte COM file that prints the following line on the console when executed: EICAR-STANDARD-ANTIVIRUS-TEST-FILE!

The test.com file contains the following character string only:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

To make your own test file with the “virus”, create a new file with this line and save it as test.com.
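The following Python example is added here and is not part of the Dr.Web documentation. It writes test.com with exactly the 68 bytes shown above, and its diagnose() helper reports how a hand-saved copy differs from that file (byte order mark, UTF-16 encoding, trailing line break). The function names, the 10-second wait and the result strings are assumptions of the example.

```python
import sys
import time

# The 68-character test string exactly as given on this page (ASCII only).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def diagnose(data: bytes) -> list:
    """List the ways a hand-made test.com differs from the 68-byte file."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark before the string")
    if data.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in data:
        problems.append("saved as UTF-16 instead of single-byte text")
    if data.rstrip(b"\r\n") != data:
        problems.append("trailing line break added by the editor")
    if EICAR not in data:
        problems.append("test string missing or altered")
    if len(data) != len(EICAR):
        problems.append("length is %d bytes, expected %d" % (len(data), len(EICAR)))
    return problems

def write_and_watch(path: str, wait_s: float = 10.0) -> str:
    """Write the exact 68 bytes, then poll to see how the anti-virus reacts."""
    try:
        with open(path, "wb") as fh:   # binary mode: no BOM, no newline added
            fh.write(EICAR)
    except OSError:
        return "blocked on write"
    deadline = time.monotonic() + wait_s
    while time.monotonic() < deadline:
        try:
            with open(path, "rb") as fh:
                fh.read()
        except FileNotFoundError:
            return "removed"           # file deleted or moved, e.g. to quarantine
        except PermissionError:
            return "access denied"     # file still present but reads are refused
        time.sleep(0.5)
    return "untouched"                 # no resident reaction: scan the file manually

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "test.com"
    print(target, "->", write_and_watch(target))
```

A result of "untouched" only means no resident monitor reacted within the wait; an on-demand scan of the file should still report EICAR Test File (Not a Virus!).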
Testing the Anti-Virus with CloudCar file

To check the Dr.Web Cloud service, use the CloudCar test file by AMTSO (Anti-Malware Testing Standards Organization). This file is specially created to check cloud service operation. It is not a virus.

To check Dr.Web Cloud operation

1. Temporarily disable the SpIDer Gate component, if it is installed. Make sure the usage of the Dr.Web Cloud service is enabled.
2. Download the test file. For that, go to http://kettle.dev.drweb.com/public/cloudcar.exe (EXE, 7 KB).
3. If the SpIDer Guard is installed and enabled, Dr.Web automatically moves the file to quarantine after the file is saved to the computer. If the SpIDer Guard component is not installed or disabled, scan the downloaded file. For that, right-click on the file name and select the option in the context menu.
4. Check that the test file is processed by Dr.Web as CLOUD:AMTSO.Test.Virus. The CLOUD prefix in the threat name indicates correct Dr.Web Cloud operation.
5. Enable the SpIDer Gate component if it has been disabled according to step 1 of this instruction.