Testing your virus protection with EICAR test file

Summary

 

This article describes how you can use an EICAR test file to see how your antivirus software works.

 

EICAR test file

 

EICAR Standard Anti-Virus Test File (EICAR) is a safe file developed by the European Institute for Computer Anti-Virus Research (EICAR) for testing anitvirus software. It is commonly used to

  • confirm that the antivirus software is installed correctly,
  • demonstrate what happens when a virus is found, and
  • check internal procedures and reactions when a virus is found.

Your antivirus software detects EICAR as if it were a real virus.

 

Testing with EICAR

 

EICAR is a good way to get familiar with your antivirus software. The EICAR test file is available in the following four formats:

  • eicar.com: EICAR test file.
  • eicar.com.txt: Copy of eicar.com with a different file name.
  • eicar_com.zip: EICAR ZIP file for testing compressed files.
  • eicarcom2.zip: An archive which contains the eicar_com.zip file for testing nested compressed files.

To download the EICAR test files, visit either the EICAR test file page or F-Secure's Security Lab page. From there, you can also find instructions on how to create an EICAR test file.

 

Note : If you have problems downloading the eicar.com file, downlowad eicar.com.txt instead. Rename it then to eicar.com.

 

See how the firewall blocks unsafe traffic

 

These instructions apply to products which contain a firewall (F-Secure Internet Security):

  1. Download eicar.com.
  2. Change the security level (firewall profile) to a stricter one.

See how real-time scanning detects harmful files

 

See how harmful files are deleted or renamed:
  1. Try to save eicar.com on your computer or execute it.
  2. If your antivirus software is on and working properly, you should not be able to execute the file or save it to your computer.
  3. The antivirus software automatically detects and disinfects the file either by renaming or deleting it.
See how harmful files become harmless when they are renamed:
  1. Change the file name of eicar.com to, for example, eicar.co0. The file becomes unexcecutable, similar to a dead virus.
  2. Change the name back to eicar.com to execute it, and you notice that your antivirus software detects it again automatically.
See how harmful files in an archive are detected:

By default, compressed or archive files, such as ZIP files, are not scanned in real time. F-Secure's antivirus products scan the archive files automatically once you attempt to extract or execute their content.

  1. Download the eicar_com.zip file and save the file to your computer.
    Note : To test nested compressed files, use eicarcom2.zip.
  2. Try to exctract the ZIP file or execute one of the files within the ZIP file.
  3. Right-click the eicar_com.zip file and select Scan eicar_com.zip for viruses.

See how e-mail scanning detects infected e-mails

 

You can use EICAR to test how e-mail scanning detects infected e-mails.

Important: Before using EICAR to test your mailbox:

  • EICAR is a safe file but actions taken during disinfection may make it dangerous, especially if your antivirus software does not scan incoming or outgoing e-mails.
  • If the infected file is named OUTLOOK.PST , INBOX.DBX , or similar, do not select the Delete automatically action during disinfection. This file is your mailbox file, and if you select this action, your mailbox is deleted. If this happens, see article How to restore a deleted mailbox.

This article in other languages:
Finnish, Swedish, German, French, Japanese, Italian, Danish, Norwegian, Dutch, Polish

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
19 of 19
Last update:
‎01-04-2016 03:26 PM
Updated by:
 
Labels (1)