A compliant virus scanner, when detecting the file, will respond in exactly the same manner as if it found genuinely harmful code. Its use can be more versatile than straightforward detection - for example, a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.
The file is simply a text file of either 68 or 70 bytes that is also a legitimate executable, called a COM file, which can be run by Microsoft operating systems and some work-alikes, including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and stop. The test string was specifically engineered to consist of human-readable ASCII characters that are easily typed on a standard computer keyboard. It makes use of self-modifying code to work around the technical issues that this constraint imposes on the execution of the test string.
The EICAR test string reads:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Copy the line above into Notepad and save it under any name you like with a .exe extension.
Your antivirus should delete the file in seconds.
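The archive check from the first paragraph and the save-and-wait step can be scripted. The following Python is an added example, not part of the original post; the file names, the nesting depth and the five-second wait are assumptions, as is treating the 70-byte form as the string plus a trailing CR LF.

```python
import io
import os
import sys
import time
import zipfile

# The 68-byte test string from the page, kept in two pieces so that this
# script itself is less likely to be flagged before it runs.
_PARTS = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-",
          r"ANTIVIRUS-TEST-FILE!$H+H*")


def eicar_bytes(crlf=False):
    """Return the test string; crlf=True appends CR LF (assumed 70-byte form)."""
    data = "".join(_PARTS).encode("ascii")
    return data + b"\r\n" if crlf else data


def zipped(payload, name="eicar.com", depth=1):
    """Wrap payload in `depth` nested ZIP layers, built in memory."""
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), f"layer{level + 1}.zip"
    return payload


def survives(path, data, wait=5.0):
    """Write data to path; True if the file is still intact after `wait` s."""
    try:
        with open(path, "wb") as fh:
            fh.write(data)
        time.sleep(wait)
        with open(path, "rb") as fh:
            return fh.read() == data
    except OSError:
        # Write blocked, file removed or locked: normally the on-access scanner.
        return False


if __name__ == "__main__":
    outdir = sys.argv[1] if len(sys.argv) > 1 else "."
    cases = {"plain.com": eicar_bytes(), "crlf.com": eicar_bytes(True),
             "one.zip": zipped(eicar_bytes()), "two.zip": zipped(eicar_bytes(), depth=2)}
    for fname, blob in cases.items():
        state = "NOT detected" if survives(os.path.join(outdir, fname), blob) else "detected"
        print(f"{fname:10} {len(blob):4d} bytes  {state}")
```

A "NOT detected" line for an archive while the plain file is caught usually means on-access scanning does not unpack archives at write time; an on-demand scan of the output directory is the follow-up check.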