Anti Malware Testfile

Intended use

Additional notes:

  1. This file used to be named ducklin.htm or ducklin-html.htm or similar based on its original author Paul Ducklin and was made in cooperation with CARO.
  2. The definition of the file has been refined 1 May 2003 by Eddy Willems in cooperation with all vendors.
  3. The content of this documentation (title-only) was adapted 1 September 2006 to add together verification of the activity of anti-malware or anti-spyware products. Information technology was decided not to modify the file itself for backward-compatibility reasons.

Who needs the Anti-Malware Testfile

(read the complete text, it contains of import information)
Version of 7 September 2006

If you are agile in the anti-virus research field, then you lot volition regularly receive requests for virus samples. Some requests are like shooting fish in a barrel to bargain with: they come from fellow-researchers whom you know well, and whom you trust. Using strong encryption, you can send them what they have asked for by almost any medium (including across the Internet) without any existent risk.

Other requests come from people you lot have never heard from before. There are relatively few laws (though some countries practice take them) preventing the secure exchange of viruses between consenting individuals, though it is conspicuously irresponsible for you lot only to make viruses available to anyone who asks. Your best response to a request from an unknown person is simply to reject politely.

A tertiary set of requests come from exactly the people you might remember would be least likely to want viruses „users of anti-virus software". They want some way of checking that they accept deployed their software correctly, or of deliberately generating a „virus incident in guild to test their corporate procedures, or of showing others in the organisation what they would see if they were hit by a virus".

Reasons for testing anti-virus software

Apparently, at that place is considerable intellectual justification for testing anti-virus software against real viruses. If you lot are an anti-virus vendor, so you do this (or should practise it!) before every release of your product, in order to ensure that information technology really works. All the same, y'all exercise not (or should not!) perform your tests in a „existent" environment. You use (or should apply!) a secure, controlled and independent laboratory surround inside which your virus drove is maintained.

Using real viruses for testing in the existent world is rather similar setting fire to the dustbin in your function to come across whether the smoke detector is working. Such a test will requite meaningful results, but with unappealing, unacceptable risks.

Since it is unacceptable for you to send out real viruses for test or sit-in purposes, y'all need a file that can safely be passed effectually and which is obviously non-viral, but which your anti-virus software volition react to as if information technology were a virus.

If your examination file is a program, then it should also produce sensible results if it is executed. Too, because you probably want to avoid shipping a pseudo-viral file forth with your anti-virus product, your test file should be short and simple, so that your customers tin hands create copies of it for themselves.

The good news is that such a test file already exists. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products „discover" as if information technology were a virus.

Agreeing on 1 file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore.

The Anti-Malware Testfile

This test file has been provided to EICAR for distribution as the „EICAR Standard Anti-Virus Test File", and it satisfies all the criteria listed higher up. It is safe to pass around, because information technology is not a virus, and does not include whatever fragments of viral code. About products react to information technology as if it were a virus (though they typically written report information technology with an obvious proper noun, such as „EICAR-AV-Examination").

The file is a legitimate DOS program, and produces sensible results when run (it prints the message „EICAR-STANDARD-ANTIVIRUS-Exam-FILE!").

Information technology is also short and simple – in fact, it consists entirely of printable ASCII characters, so that it tin can hands be created with a regular text editor. Whatsoever anti-virus product that supports the EICAR test file should discover it in whatsoever file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)vii}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The kickoff 68 characters is the known cord. Information technology may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the infinite character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does non include spaces. The but thing to watch out for when typing in the test file is that the 3rd character is the upper-case letter letter „O", not the digit zero.

You lot are encouraged to make use of the EICAR exam file. If y'all are aware of people who are looking for real viruses „for examination purposes", bring the test file to their attention. If you lot are aware of people who are discussing the possibility of an industry-standard test file, tell them about www.eicar.org, and point them at this commodity.

Download Anti Malware Testfile

In order to facilitate various scenarios, we provide 4 files for download. The offset, eicar.com, contains the ASCII string as described higher up. The second file, eicar.com.txt, is a copy of this file with a different filename. Some readers reported problems when downloading the first file, which can be circumvented when using the second version. Just download and rename the file to „eicar.com". That will practice the trick. The tertiary version contains the test file inside a nada archive. A expert anti-virus scanner volition spot a ‚virus' inside an archive. The last version is a zip archive containing the third file. This file can be used to encounter whether the virus scanner checks archives more than only one level deep.

One time downloaded run your AV scanner. It should discover at least the file „eicar.com". Good scanners will observe the ‚virus' in the single zip archive and may exist even in the double cipher archive. Once detected the scanner might not allow yous any access to the file(s) anymore. Y'all might not even be immune by the scanner to delete these files. This is caused by the scanner which puts the file into quarantaine. The test file will be treated merely like any other real virus infected file. Read the user's manual of your AV scanner what to do or contact the vendor/manufacturer of your AV scanner.

Important Note
EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any harm to your computer.YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if y'all are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide whatever assist to remove these files from your figurer. Please contact the manufacturer/vendor of your AV scanner to seek such help.

Download expanse using the standard protocol HTTP
– Deplorable, HTTP downoad ist temporarily not provided. –
Download expanse using the secure, SSL enabled protocol HTTPS
eicar.com
68 Bytes		 eicar.com.txt
68 Bytes		 eicar_com.nix
184 Bytes		 eicarcom2.cypher
308 Bytes

How to delete the test file from your PC

We understand (from the many emails we receive) that it might be hard for you lot to delete the test file from your PC. After all, your scanner believes information technology is a virus infected file and does not let y'all to access it anymore. At this point we must refer to our standard answer apropos support for the test file. We are pitiful to tell you lot that EICAR cannot and will non provide AV scanner specific support. The best source to get such data from is the vendor of the tool which you purchased.

Delight contact the support people of your vendor. They accept the required expertise to aid you in the usage of the tool. Needless to say that you should have read the user'due south manual first before contacting them.