EICAR test file

The Eicar test file is a file, developed by the EICAR organization, that is used in testing anti-virus scanners for their integrity in detecting viruses. The actual file is simply a text file of either 68 or 70 bytes that can be created using any text editing program (Such as Notepad), although it can be saved and run as an executable MS-DOS COM file.

While it does register as a virus under any reliable virus scanner, it is a completely benign file that will not harm, attach to files, or replicate and spread over networks. If executed, the file will simply display the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE!, and then terminate.

Its use can be more versatile than straightforward detection - for example, a file containing the Eicar test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.

The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.

The Eicar test string reads:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Notes:

• The third character in the string is the capital letter O, not a zero.
• Although the string itself is 68 bytes in length, some text editors add an extra blank line to the end of the file, increasing the size to 70 bytes. This does not affect the functionality of the test string or file, nor a virus scanner's ability to detect it.

• The Anti-Virus test file (EICAR)
• Assembly-language analysis of the EICAR test file

This software article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e