Test your Anti-virus program

Martin Brinkmann
Jan 1, 2007
Updated • May 24, 2013
Security
|
14

Do you know if your anti-virus solution is working? You could try to test your anti-virus program against the EICAR (European Expert Group for IT-Security) test file to see if it reacts the way it should.

All you need to do is create the testfile and scan it with your virus scanner. If the scanner detects something it is working as intended, if it does not you should consider changing immediately to a more reliable one.

Creating the file is pretty simple. Just create a new text file and paste the following line of code into it:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save the file and rename it to test.com. When executed it displays the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE. No harm will be done to your system if you accidentally execute the file. To test your virus scanner right-click the file and select the scan option of your antivirus solution. You can alternatively scan it from the interface of it as well.

You could also pack it and test it or send it to your email account to test the interaction between virus scanner and email client.

After the test finishes you do know if your virus scanner is working as intended and able to detect viruses on your system. This does not necessarily mean that it will detect other viruses that exist but it means that it is working and protecting your system.

There is obviously also the option to simply execute the file to see if the antivirus software blocks the execution, or if the file slips past it.

While this single test can show you if your antivirus software lacks the proper technology to block simple malware, it can't be used to determine whether an antivirus program is best suitable for you. Most modern antivirus applications should catch the file and block it from executing, and it takes more because of this to come to a conclusion about the effectiveness of a software. One option that you have is to visit websites that test antivirus software regularly, like AV Comparatives for instance.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Devaraj said on April 8, 2010 at 2:31 am
    Reply

    Quick Heal Antivirus 2010 is working well

    Thankx

  2. Dontay said on March 26, 2010 at 5:38 am
    Reply

    Avast removed the file before i can even save it properly so its working grate!!!!!

  3. Baseball Handicapping said on April 17, 2009 at 9:34 am
    Reply

    This seemed to work well for me even though I use ccleaner and avg for most of my needs.

  4. Shank said on July 11, 2008 at 11:51 am
    Reply

    Avira Antivir didn’t even allow me to open the file.. :(

    .. but rather deleted it quickly :)

    Thx for this info…

  5. CGW3 said on January 3, 2007 at 10:12 am
    Reply

    I figured I would test out my anti-virus software (NOD32) with the technique
    So I created a text file, entered the line of code, and saved the text file.

    Next to rename it, I right clicked it to try and rename, and straight away NOD32 flashed up a warning, telling there was a problem and that the file was moved to quarantine.

    So score 1 for NOD32, it did not even require the file to execute, simply me attempting to rename it…with it containing dangerous code. :o)

    1. justin case said on January 26, 2007 at 5:24 am
      Reply

      so did antivir 7 free edition

  6. Tom said on January 2, 2007 at 6:32 am
    Reply

    Great post! Those of you who administer e-mail servers may be interested in the GTUBE (Generic Test for Unsolicited Bulk Email).
    http://spamassassin.apache.org/gtube
    It is the spam filter equivalent to EICAR.

  7. Riley said on January 1, 2007 at 11:04 pm
    Reply

    Interesting, I guess it couldn’t hurt. I use Avast with Adaware, Spywareblaster and Search and Destroy. Am I missing anything? OH and sypware doctor too.

  8. kurt wismer said on January 1, 2007 at 10:02 pm
    Reply

    indeed – the eicar standard anti-virus test file is not meant to show how good a scanner is at detecting viruses (that would require hundreds of thousands of files, not just one), instead it is meant to show whether or not your anti-virus product is installed properly and/or functioning properly…

    i must say, however, that the advice to switch to a different product if your current one doesn’t detect the file is a little wrong-headed… your current product could be missing it precisely because it’s not installed properly or has become broken somehow… the eicar standard anti-virus test file is supported by practically ALL anti-virus vendors so if your product fails to detect it the chances are better that there’s something wrong with your installation of the product than there being something wrong with the product itself…

  9. Martin said on January 1, 2007 at 7:28 pm
    Reply

    Max that is why i wrote: This does not necessarily mean that it will detect every virus that exists but it means that it is working. :)

  10. Max said on January 1, 2007 at 7:12 pm
    Reply

    But this doesn’t really test you virus scanner for other viruses. This is a popular file that virus scanners detect and it isn’t even a virus. So virus makers make sure this test file is always found. If your virus scanner finds this file, it just means that it can detect an EICAR test file. Doesn’t mean it will detect most other viruses.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.