Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: NHawk on February 18, 2009, 04:25:58 PM
-
I don't know if anyone has ever seen this before, but this will test your anti-virus software to see if it is working properly.
Open Notepad and paste the string below into it...
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file with the name test.com
If your anti-virus software is working correctly it should alert you immediately about the presence of the EICAR virus and either remove it automatically or prompt you what to do with it. If need be, have the software remove the file.
If you are not alerted to its presence, or if you can successfully save the file without being alerted of its presence, it's time to look for new anti-virus software.
NOTE: THIS IS NOT an actual virus. It is a test sequence of characters that imitates a virus.
-
I don't know if anyone has ever seen this before, but this will test your anti-virus software to see if it is working properly.
Open Notepad and paste the string below into it...
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file with the name test.com
If your anti-virus software is working correctly it should alert you immediately about the presence of the EICAR virus and either remove it automatically or prompt you what to do with it. If need be, have the software remove the file.
If you are not alerted to its presence, or if you can successfully save the file without being alerted of its presence, it's time to look for new anti-virus software.
NOTE: THIS IS NOT an actual virus. It is a test sequence of characters that imitates a virus.
I will await Llama's opinion.
-
I will await Llama's opinion.
More info...
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2003-121611-3209-99
-
ah rgr. I'm very cautious type of fellow.
-
It's called forcing a false-trigger. Our game does it all the time. :)
-
With Command and Conquer (game) and WMP open it took my AVG about 01:13 (mm:ss) to detect it. :)
-
I will await Llama's opinion.
Wow. Someone's actually waiting for my opinion! It was bound to happen sooner or later. ;-)
OK, The Eicar Test String (developed by the European Institute for Computer Antivirus Researchas, hence the name) is basically something that all antivirus programs detect as a virus by a "gentlemen's agreement." This string really isn't dangerous in any way, but it is always included as one of the viruses in a virus definition file for testing purposes. Theoretically, it is the only "false positive" an AV utility should detect, since it really isn't harmful but it is flagged as if it is.
For example, if you are concerned that something has "knocked out" your antivirus program, you could try to save a file with The Eicar Test String and see if your AV software flags it as a virus. If it doesn't do anything, you should suspect something is wrong with your AV software's background scanner. If you manually scan it and it doesn't create an alarm, you should suspect something is wrong with the foreground scanner.
If you don't feel like finding and messing around with real viruses, it is a perfectly fine way to test for minimum AV functionality.
But again, it isn't dangerous, any more than pointing your finger at someone and saying "Bang!" is dangerous.
For the record, I never use The Eicar Test String to test anti-malware products. In fact, I don't even bother creating a file with it, since I have tens of thousands of real viruses I can test with that I can use to generate some detection statistics of my own.
-Llama