Have you ever wondered if your anti-virus software is really working? Would you like to see what happens when it detects a virus? Here’s a safe way to test your computer’s virus protection that doesn’t require you to have a real virus sample.
First, open Notepad. Then copy and paste into it the text on the line below. (It should all be on one line.)
Then select File, Save, select All Files for the file type, then save the file as eicar.com. The result should look exactly like the screenshot below:
Your anti-virus software may prevent you from saving the file as eicar.com, which is a sign that it is working effectively. If it doesn’t raise an alert, try scanning the folder where you saved eicar.com. To see what happens if you try to run a file containing a virus, double-click eicar.com to open it.
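The manual Notepad steps above, automated as an added example (not part of the original post): it writes the standard 68-byte EICAR test string, taken from the public EICAR specification rather than from this page, to `eicar.com` and reports how real-time protection reacted. The function names, outcome labels and the 3-second pause are assumptions of this example.

```python
import os
import shutil
import tempfile
import time

# Standard EICAR test string (public EICAR specification), kept in two
# halves so that this script is not itself flagged by a scanner.
_PART_A = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_PART_B = rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    return _PART_A + _PART_B


def classify(write_failed: bool, exists: bool, content_ok: bool) -> str:
    """Map what was observed to an outcome (labels are this example's own)."""
    if write_failed:
        return "blocked-on-write"
    if not exists:
        return "removed-or-quarantined"
    if not content_ok:
        return "blocked-on-read"
    return "no-on-access-alert"  # next step: scan the folder on demand


def probe(directory: str, wait_seconds: float = 3.0) -> str:
    path = os.path.join(directory, "eicar.com")
    write_failed = False
    try:
        with open(path, "wb") as fh:
            fh.write(eicar_bytes())
    except OSError:
        write_failed = True  # scanner refused the save
    time.sleep(wait_seconds)  # give a real-time scanner time to react
    exists = os.path.exists(path)
    content_ok = False
    if exists:
        try:
            with open(path, "rb") as fh:
                content_ok = fh.read() == eicar_bytes()
        except OSError:
            content_ok = False  # scanner denied access to the file
    return classify(write_failed, exists, content_ok)


if __name__ == "__main__":
    tmp = tempfile.mkdtemp()
    print(probe(tmp))
    shutil.rmtree(tmp, ignore_errors=True)
```

Any result other than `no-on-access-alert` shows only that the scanner's definitions include a match for the test string and that real-time scanning is switched on.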
Always easy to edit posts afterwards so no one knows what was initially written.
CIS blocked it
But still does keep people to understand what all this fuss is about (i.e. that eicar is not designed to test the efficiency of an AV against malware).
The fact that CIS will flag this as a high risk file when detected during a scan may reinforce the fallacy but the EICAR string is not a virus. It tests nothing other than the ability of the software developer to include a sig match for it in the defs so that an appropriate warning is triggered. Indeed some longstanding AV vendors have “forgotten” to do this once or twice without serious consequences - other than red faces.
Every scanner that picks it up is giving a false alert
Of course not.
Even if it is very easy to test an AV engine from false positives in the “real world” (thus not taking any unwanted risk), I wonder how eicar.com could ascertain that the AV engine works (the only thing it is made for) for someone wanting to make sure of it if it does not raise any alert.