# Test your anti-virus software.



## Kenny94 (Dec 16, 2004)

First, open Notepad. Then copy and paste into it the text on the line below. (It should all be on one line.)

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Then select File > Save As > then save the file as eicar.com.

Also, try scanning the folder where you saved eicar.com. To see what happens... 

Source: How To Test your anti-virus software


----------



## aarhus2004 (Jan 10, 2004)

http://www.eicar.org/anti_virus_test_file.htm

Try the double zip file too, i.e the eicarcom2.zip

lotsa fun.


----------



## JohnWill (Oct 19, 2002)

My incoming email manages to test mine sufficiently for me.


----------



## hewee (Oct 26, 2001)

I did the eicarcom2.zip one and it worked great some time back.

But I also sent it out to all other web base email accounts I have and not all of then stopped it.
It is all posted here some place what happen.


----------



## saltydawgs (Oct 10, 2005)

woah, right when i saved it, a virus warning appeared....lol

i hope its not a real virus


----------



## texastoy4her (Nov 30, 2004)

Mine didn't do anything untill after I right clicked and chose to scan.

This isn't that good of a thing huh? lol


----------



## lotuseclat79 (Sep 12, 2003)

At: http://en.wikipedia.org/wiki/Eicar_test_file you will find a link to the assembly language analysis of EICAR about how it works which is most instructive using MS Debug.

On the downside, this is a long known and venerable beneign test, but hardly worth the effort as all major AV vendors have long ago incorporated its pattern into their signatures and some might not even detect it. A better more comprehensive test of signature-based AVs can be found at: http://www.av-compartives.org for which over 400,000 signatures are currently in use. This is arguably a much better test of current threats than EICAR which is not a threat at all. Even if it is not detected by your AV, there is little to worry about from Eicar as it poses no threat. What you should be worried about is either not having a 0-day threat prevention approach (most likely an AV with heuristics) or a one-two punch like both a strong signature-based and a heuristic-based AV.

-- Tom


----------



## bizziebill (Apr 5, 2005)

Ok, my virus scan found it, now how do I stop it? About every 10 min. it come up showing it was found again.


----------



## aarhus2004 (Jan 10, 2004)

Which one are you refering to?


----------



## bizziebill (Apr 5, 2005)

The first step,I did the copy and paste into notepad. Know it keeps doing the virus scan thing.


----------



## aarhus2004 (Jan 10, 2004)

So that is the Eicar one. Well you have a good anti-virus system. Just delete the text file.


----------



## Kenny94 (Dec 16, 2004)

bizziebill just be curious. What anti-virus software are you using?


----------



## bizziebill (Apr 5, 2005)

Norton, had SBC also but canceled it.


----------



## xgerryx (May 16, 2003)

The main value of eicar test virus is to help familiarize your self with what to expect when your av finds a virus. Its a good one for showing people how their av will present them with a few options and what to do when a virus is detected.


----------



## Kenny94 (Dec 16, 2004)

xgerryx said:


> The main value of eicar test virus is to help familiarize your self with what to expect when your av finds a virus. Its a good one for showing people how their av will present them with a few options and what to do when a virus is detected.


I never thought of this....:up: In the future, I'm going to use the eicar test after I install anti-virus software on their computer. To show folks..........


----------



## Bush Lady (Jul 25, 2004)

Whaw....I clicked on eicar.txt, and my antivirus came up and said "A virus has been detected" It just wouldn't let me "save to target".


----------



## hewee (Oct 26, 2001)

xgerryx said:


> The main value of eicar test virus is to help familiarize your self with what to expect when your av finds a virus. Its a good one for showing people how their av will present them with a few options and what to do when a virus is detected.


Best to do the same test tru any of your Web base email account too so you know what happens.
I had some where they were deleted, some got tru and others accounts I never got the email. I think it was Gmail that I never got the email or any email from them saying they deleted the email.
So best to test each account sending from each and sending to each to see what they do with the emails.


----------

