Its use can be more versatile than straightforward detection - for example, a file containing the EICAR test string can be compressed or archived, and then the antivirus software can be run to see whether it can detect the test string in the compressed file.
The file is simply a text file of either 68 or 70 bytes that is also a legitimate executable, called a COM file, that can be run by Microsoft Windows except for bit systems due bit limitations. The test string was specifically engineered to consist of human-readable ASCII characters, easily created using a standard computer keyboard.
It makes use of self-modifying code to work around the technical issues that this constraint imposes on the execution of the test string. Despite this incompatibility, it is also recognized by all common antivirus programs on bit systems and identified as an EICAR test file. The machine language commands used in the executable file are selected so that only characters from the 7-bit ASCII character set appear.
This rules out font errors, and the file can be created with any text editor. In order to avoid the early detection and blocking of the test file by antivirus programs, it is offered for download not only as a COM file, but also as a simply renamed text file and as a compressed ZIP archive. Also, because you probably want to avoid shipping a pseudo-viral file along with your anti-virus product, your test file should be short and simple, so that your customers can easily create copies of it for themselves.
The good news is that such a test file already exists. Agreeing on one file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore. It is safe to pass around, because it is not a virus, and does not include any fragments of viral code.
It is also short and simple — in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:.
The first 68 characters are the known string. It may optionally be followed by any combination of whitespace characters with the total file length not exceeding characters. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces.
If you are aware of people who are discussing the possibility of an industry-standard test file, tell them about www. In order to facilitate various scenarios, we provide 4 files for download. The first, eicar. The second file, eicar. Some readers reported problems when downloading the first file, which can be circumvented when using the second version. That will do the trick. The third version contains the test file inside a zip archive. The last version is a zip archive containing the third file.
This file can be used to see whether the virus scanner checks archives more than one level deep.
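The archive-depth check described above can be reproduced in a test harness. The following is an added example, not code from the original page or from EICAR: it uses a constructed 68-byte placeholder in place of the real test string, and the file names `test.com` and `test.zip` and all function names are hypothetical. It applies the matching rule from the text (the file starts with the 68-byte string, and anything after it is whitespace; the total-length cap is not enforced here) and shows which scan depths find the string in a plain file, a zip, and a zip inside a zip.

```python
import io
import zipfile

# Constructed 68-byte stand-in for the test string (NOT the real EICAR string).
MARKER = b"PLACEHOLDER-TEST-STRING-".ljust(68, b"X")


def is_test_file(data: bytes) -> bool:
    """Rule from the text: starts with the 68-byte string, rest is whitespace."""
    return data.startswith(MARKER) and data[len(MARKER):].strip() == b""


def wrap_in_zip(name: str, payload: bytes) -> bytes:
    """Return a zip archive (as bytes) holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def scan(data: bytes, max_depth: int, depth: int = 0):
    """Return the archive depth at which the marker is found, else None."""
    if is_test_file(data):
        return depth
    # A scanner limited to max_depth never opens archives nested deeper.
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            hit = scan(zf.read(info), max_depth, depth + 1)
            if hit is not None:
                return hit
    return None


def build_samples() -> dict:
    """Mirror the variants described in the text: plain, zip, zip-in-zip."""
    zipped = wrap_in_zip("test.com", MARKER)       # hypothetical member name
    return {
        "plain": MARKER,
        "padded": MARKER + b"\r\n",                # trailing whitespace only
        "zip": zipped,
        "zip-in-zip": wrap_in_zip("test.zip", zipped),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, [scan(blob, d) for d in (0, 1, 2)])
```

A scanner configured for one archive level reports nothing for the zip-in-zip sample, which is exactly the gap the doubly archived download is meant to reveal.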