Testing Product Operation |
The EICAR (European Institute for Computer Anti-Virus Research) test helps testing operation of anti-virus programs that detect viruses using signatures. This test was designed specifically so that users could test reaction of an installed anti-virus to a threat without putting their computers at risk. Although the EICAR test program is not actually malware, it is treated by the majority of anti-viruses as a virus. Dr.Web anti-virus products report the following upon detection of this “virus”: EICAR Test File (NOT a Virus!). Other anti-viruses alert users in a similar way. The EICAR test program is a 68-byte .com file for MS-DOS/Windows that outputs the following message to the console or to a terminal emulator screen when running:
The test program body contains only text characters that form the following string:
If you create a text file consisting of the string provided above, the resulting file will be the “virus” program. If Dr.Web Industrial for Unix File Servers operates correctly, this file must be detected during a file system scan regardless of the scan type and the user must be notified of the detected threat: EICAR Test File (NOT a Virus!). An example of a command to test operation of Dr.Web Industrial for Unix File Servers using the EICAR test program:
This command writes the string that represents the body of the EICAR test program to a file named testfile created in the current directory, scans the resulting file and removes this file afterwards.
If the test “virus” is detected, the following message is displayed:
If an error occurs during the test, refer to the description of known errors.
|