The EICAR Anti-Virus Test File or EICAR test file is a computer file developed by the European Institute for Computer Anti Virus Research (EICAR) and the Computer Antivirus Research Organization (CARO) to test the response of computer antivirus program (AV). Instead of using real malware, which can cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.
Anti-virus programmers set EICAR strings as verified viruses, similar to other identifiable signatures. The appropriate virus scanner, when it detects the file, will respond in much the same way as if it found a dangerous virus. Not all virus scanners are compliant, and may not detect files even when they are configured correctly. Both the way in which the files are detected as well as marked words are standard, and may differ from the way in which the real malware is flagged, but should prevent it from executing as long as it meets stringent specifications set by the European Institute for Antivirus Research Computers.
The use of EICAR test strings can be more flexible than direct detection: files containing EICAR test strings can be compressed or archived, and then antivirus software can be run to see if it can detect test strings in compressed files. Many of the AMTSO Settings Settings Settings are based on the EICAR test string.
Malwarebytes developers have said that they do not add EICAR test files to their databases, since "adding fake malware and test files like EICAR to databases takes a long time from malware research, and does not prove anything in the long run."
Video EICAR test file
Design
This file is a text file between 68 and 128 bytes which is a legitimate executable file called a COM file that can be run by MS-DOS, some work-users, and its successor OS/2 and Windows (except for 64-bit due to limitations of 16 -bit). When executed, the EICAR test file will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then it will stop. String tests are engineered to consist of human readable ASCII characters, easily made using standard computer keyboards. It makes use of self-modifying code to work around technical issues that limit this constraint on the implementation of the test string.
The EICAR test string reads:
X5O! P% @ AP [4 \ PZX54 (P ^) 7CC) 7} $ EICAR-STANDARD-ANTIVIRUS-TEST-FILE! $ H H *
Maps EICAR test file
See also
- GTUBEÃ, - a similar test for unsolicited bulk mail (spam e-mail)
External links
- The Official Website of the European Institute for Computer Antivirus Research (also known as the European Expert Group for IT-Security)
- [1] Assembly language analysis of EICAR test file
- [2] An antivirus result from EICAR file scanning
- [3] AMTSO guidance on the use and misuse of test files in security product testing, including simulators, EICAR strings, CloudCar, and Spycar.
References
Source of the article : Wikipedia
0 Comments