September 22, 2009

Testing Virus Recognition - The EICAR Anti-Virus Test File

We are currently building a product that allows users to upload a file that we will then place on a publicly-available website.  One of the requirements is that we check the uploaded file for viruses first.  This presented an interesting testing opportunity.

Our enterprise anti-virus software can scan the uploaded files, and delete them if a virus is detected before they are moved to the externally-accessible location.  But how to test this?  We couldn't use a real virus - that's far too dangerous.

Fortunately, there's a nice solution.  EICAR, the European Institute for Computer Antivirus Research, in conjunction with most major anti-virus vendors, has created a file that is not a virus itself, but will cause most anti-virus software to react as if it were a virus.

If you copy the following 68-character string into Notepad, and save it to a text file, your anti-virus software will treat that file as if it contained a virus:
(Or download one of the files from

For my tests, I simply had to take this file to a machine that had its own anti-virus software temporarily turned off, then submit it to the new product.
  • Test completed. 
  • The product reacted as expected.
  • The appropriate message was written to the event log.
  • The appropriate warning message was displayed to the user.
  • The "pseudo-infected" file was deleted and not made public.
  • Test Passed!
It's fun to learn a new technique.
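
The test described above can be written as a repeatable script. This is an added example, not code from the original post or the product: `stub_scan` stands in for the enterprise anti-virus engine, and `handle_upload`, the directory names and the log message are hypothetical. The string is the standard EICAR test string.

```python
import logging
import shutil
import tempfile
from pathlib import Path

# Standard EICAR test string, assembled from fragments so that this source
# file is not itself quarantined by an on-access scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-"
         + "ANTIVIRUS-TEST-FILE" + "!$H+H*").encode("ascii")
EICAR_PAD = b" \t\r\n\x1a"   # trailing bytes EICAR permits, up to 128 bytes total

def stub_scan(path: Path) -> bool:
    """Stand-in for the real AV engine (assumption): flags only EICAR files."""
    data = path.read_bytes()
    return (len(data) <= 128 and data.startswith(EICAR)
            and not data[len(EICAR):].strip(EICAR_PAD))

def handle_upload(src: Path, public_dir: Path, scan=stub_scan) -> dict:
    """Hypothetical upload gate: scan first, publish only clean files."""
    if scan(src):
        src.unlink()                                  # delete, never publish
        logging.getLogger("upload").warning("virus detected in %s", src.name)
        return {"published": False, "warning": "Upload rejected: virus detected."}
    shutil.move(str(src), str(public_dir / src.name))
    return {"published": True, "warning": None}

def run_eicar_test() -> dict:
    """Submit one EICAR file and one clean file; report what the gate did."""
    events = []
    handler = logging.Handler()
    handler.emit = lambda record: events.append(record.getMessage())
    log = logging.getLogger("upload")
    log.addHandler(handler)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            incoming, public = Path(tmp, "incoming"), Path(tmp, "public")
            incoming.mkdir()
            public.mkdir()
            (incoming / "eicar.com").write_bytes(EICAR + b"\r\n")
            (incoming / "notes.txt").write_bytes(b"constructed clean sample\n")
            bad = handle_upload(incoming / "eicar.com", public)
            good = handle_upload(incoming / "notes.txt", public)
            return {"bad": bad, "good": good, "events": events,
                    "public": sorted(p.name for p in public.iterdir()),
                    "incoming": sorted(p.name for p in incoming.iterdir())}
    finally:
        log.removeHandler(handler)

if __name__ == "__main__":
    print(run_eicar_test())
```

To exercise the real scanner, pass its wrapper as `scan`. On a host with on-access scanning the write of `eicar.com` may be blocked before the gate sees it, which is why the test above was run from a machine with its own anti-virus turned off.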
