The Software Workshop inc. - software that fits! ™
 
Home   Contact Us    Call 315.635.1968
Web Hosting
Extras
FAQ List
Support
Sigt Up!
About Us

        Site Search
        Domain Search
        Downloads
        Privacy Policy
      Report Problem
        Web Mail (new)
        What's my IP?
       

SECURE
CONTROL PANEL

Subscriber Name

Password

 

 

 

SAFE Virus Examples

NOTE , this is about the test virus files we have from http://www.eicar.org/anti_virus_test_file.htm
It includes links (below) to sample viruses which should/better be detected by your PC!

Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. Such a test will give meaningful results, but with unappealing, unacceptable risks.

Since it is unacceptable for you to send out real viruses for test or demonstration purposes, you need a file that can safely be passed around and which is obviously non-viral, but which your anti-virus software will react to as if it were a virus.

If your test file is a program, then it should also produce sensible results if it is executed. Also, because you probably want to avoid shipping a pseudo-viral file along with your anti-virus product, your test file should be short and simple, so that your customers can easily create copies of it for themselves.

The good news is that such a test file already exists. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus.

Agreeing on one file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore.

This test file has been provided to for distribution as the " Standard Anti-Virus Test File", and it satisfies all the criteria listed above. It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test").

The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").

It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.

You are encouraged to make use of the test file. If you are aware of people who are looking for real viruses "for test purposes", bring the test file to their attention. If you are aware of people who are discussing the possibility of an industry-standard test file, tell them about www.eicar.org, and point them at this article.

Important NOTE - we assume no responsibility for any damage/failure in your AV scanner or your computer if you download these files. NO HELP will be provided in removing these from your systems.

Test Files - NOTE, following have been tested with Norton Antivirus. NONE of them could be downloaded if clicked. In fact, if you even attempt to save a eicar.com file after pasting the above text into a command prompt window, it will fail when you attempt to save!

In order to facilitate various scenarios, we provide 4 files for download.

  • The first, eicar.com, contains the ASCII string as described above.
  • The second file, eicar.com.txt, is a copy of this file with a different filename. Some readers reported problems when downloading the first file, which can be circumvented when using the second version. Just download and rename the file to "eicar.com". That will do the trick.
  • The third version, eicar_com.zip contains the test file inside a zip archive. A good anti-virus scanner will spot a 'virus' inside an archive.
  • The last version, eicarcom2.zip is a zip archive containing the third file. This file can be used to see whether the virus scanner checks archives more than only one level deep.

Once downloaded run your AV scanner. It should detect at least the file "eicar.com". Good scanners will detect the 'virus' in the single zip archive and may be even in the double zip archive. Once detected the scanner might not allow you any access to the file(s) anymore. You might not even be allowed by the scanner to delete these files. This is caused by the scanner which puts the file into quarantaine. The test file will be treated just like any other real virus infected file. Read the user's manual of your AV scanner what to do or contact the vendor/manufacturer of your AV scanner.

Last Page Update: 07/28/04

 


[Home]   [Web Hosting]   [Extras]   [FAQ List]   [Support]    [Sign Up!]   [About Us]   [Contact Us]

© Copyright 1996-2007 Software Workshop Inc.