Antivirus applications are normally one of the must install applications on any PC (and these days, on smartphones as well). They ensure that our systems remain working as expected at all times, and our precious data and information stays protected and free from all things bad. But how do you know that your Antivirus is up and running? I mean, you can’t just wait for a virus to get into your system (and I’m guessing you don’t want it either), just to see whether your antivirus is doing its job.
Turns out, it’s not really that hard. Today ILFS will be explaining to you how to test your antivirus with the EICAR test file. Wanna know more about it? Read on to find out.
What exactly is the EICAR test file?
The EICAR test file is a digital file that was developed to test the reaction of Antivirus software applications towards Computer threats. However, instead of consisting any malicious code that could potentially harm a system, the EICAR test file just consists of a random string of ASCII characters.
How does EICAR file work?
The working of the EICAR test file is actually quite simple. It is an almost universal standard for harmlessly testing whether the real-time malware scanning engines of antivirus programs are actively protecting your PC or not. For this reason, almost all of the major antivirus manufacturers have their products set to respond to the EICAR test file in the exact same way as they would to a real computer threat. However, it is still possible that some of the antivirus programs don’t not work with it (probably on account of being new entrants in the antivirus arena, or due to some inherent configuration errors).
But for the most part, almost all major well known antivirus programs will detect and trigger the same reaction towards the EICAR test file as they would towards a real computer malware.
Using EICAR test file to check that your Antivirus’ real-time scanners are working:
Note: For the purposes of this testing, I’ll be using the free version of Avira Antivirus with the real time scanning enabled
Checking the downloaded test file and the response of AV to it
Step 1: Go to Kaspersky’s EICAR documentation page, and download the test file using the link given at the bottom of the page. Check the screenshot below.
Step 2: Once the file has been downloaded, just unzip the file. If your antivirus software is working and all the real-time scanners are enabled, it should block the test file and display a virus warning the exact moment the file gets unzipped. Check the screenshot below. This was taken the moment I unzipped the file.
Alternate method to get the EICAR test file
Sometimes web browsers would refuse to download the test file, popping up a message that it’s malicious. In this case you can actually create this file yourself!
Step 1: Open up Notepad
Step 2: Paste the following string into it
(Note that this is the standard string that is designed to Output the response from AV programs.
Step 3: Finally, save the Notepad document as EICAR.COM. It is important to save the document with the extension .com, otherwise it’ll get saved as a regular text document and thus won’t work. For this, you also need to select “All Files” from the drop-down menu of the option “Save as type”. Check the screenshot below:
Once you save the file as EICAR.COM, your antivirus program would pop-up the same warning message as in the case of the downloaded file, and ask you to remove it (provided that it is not configured to do that automatically).
That’s it. You have successfully tested the real-time scanning capabilities of your antivirus software using a trusted but safe method.
Few words about the EICAR testing
- EICAR test file just provides a way to test whether your Antivirus software’s scanning engines are working properly or not. It’s not a measure of checking the efficiency of an Antivirus program (for that, we rely on reports from AV-Test).
- Although the test file can be detected by almost all major AV manufacturers (Kaspersky, Avast, AVG etc.), sometimes it may not be detected. Most likely, this is due to some configuration error on the part of the user, or in the case of the installation of the antivirus being faulty itself. In either case, you should check your antivirus to see if it is actually working, because it very well might not be, and that is the whole point of testing your AV with this file.
EICAR test file provides an easy and hassle free way of checking that real time protection of your antivirus software is working fine. It gives you a way to be sure that the big wad of cash that you’ve paid for a multi system license for that swanky antivirus software application were not paid for nothing. However, no matter how advanced they are, test files and antivirus programs are only as good as the users who work on the systems they are installed on. So make sure to scan and re-scan everything before you click or download anything that sounds too good to be true.
Image Courtesy: Questar via Flickr