The EICAR test file was created by the European Institute for Computer Antivirus Research – hence its name – in collaboration with the Computer Antivirus Research Organization. The file is designed to check whether antivirus software is responding to a threat without using actual malware.
Traditional antivirus software detects viruses and other types of malware using signature definitions. The EICAR test file is a series of non-viral codes that most antivirus software vendors include in their products’ signature definition files as a fake-verified virus. When your antivirus software finds the EICAR file, it should treat it exactly as if it were a real virus.
The EICAR test file allows users to check if their antivirus software is working properly. For example, if you try to open a test file from Eicar.com while the real-time protection feature is turned on, your antivirus software should generate an alert.
Creating an EICAR test file
You can download an EICAR test file, or you can create one using any text editor, such as Notepad or TextEdit. To create an EICAR test file, copy and paste the following line into a blank text editor file:
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file as Eicar.com. You are now ready for the test. You can compress or archive your new file to check the antivirus’s ability to detect malware in a compressed or archived file. In fact, if your active protection was working properly, simply saving the file should have triggered an alert: “EICAR-STANDARD-ANTIVIRUS-TEST-FILE”.
The test file is an executable file that can be read by MS-DOS, OS/2, and 32-bit Windows. It is not compatible with 64-bit Windows.
