Posted 13 October 2012 - 03:07 AM
The EICAR test file is not designed to test how good or how bad your AV scanner is at detecting malware. I use it to test a setup or configuration.
For example, in a corporate environment, I have configured the AV scanner to send an e-mail for each detected malware. This e-mail is processed on a server to automatically create a ticket for the helpdesk.
How do I test such a setup without endangering the corporate network? With the EICAR test.
The EICAR test file is actually a real DOS program (hence the .COM extension) that prints the text "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!". A remarkable thing of this DOS program is that it is pure ASCII.
SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"