643:
48:
Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. A compliant virus scanner, when detecting the file, will respond in more or less the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file
143:
According to EICAR's specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string. The test file can still be
49:
even when they are correctly configured. Neither the way in which the file is detected nor the wording with which it is flagged are standardized, and may differ from the way in which real malware is flagged, but should prevent it from executing as long as it meets the strict specification set by
110:(except for 64-bit due to 16-bit limitations). The EICAR test file will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" when executed and then will stop. The test string was written by noted anti-virus researchers
41:(AV) programs. Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real
1450:
537:
1127:
1488:
497:
263:
256:
504:
1081:
208:
1058:
406:
331:
1610:
1089:
530:
56:
The use of the EICAR test string can be more versatile than straightforward detection: a file containing the EICAR test string can be
1021:
1120:
817:
1589:
1539:
1313:
1071:
144:
used for some malicious purposes, exploiting the reaction from the antivirus software. For example, a race condition involving
64:, and then the antivirus software can be run to see whether it can detect the test string in the compressed file. Many of the
1331:
1422:
884:
523:
1298:
1113:
1076:
997:
797:
182:
1559:
1053:
1011:
667:
50:
30:
1218:
914:
632:
438:
231:
1351:
1213:
1150:
899:
777:
672:
464:
1170:
987:
939:
602:
508:
1292:
1288:
1280:
1276:
1254:
1250:
1242:
1238:
1234:
1230:
1226:
1223:
115:
1028:
762:
367:
1574:
1394:
1048:
960:
909:
854:
722:
695:
677:
642:
575:
546:
307:
1379:
1615:
1579:
1160:
832:
607:
565:
123:
126:
to work around technical issues that this constraint imposes on the execution of the test string.
1016:
944:
849:
416:
342:
1549:
1374:
1336:
1323:
1064:
822:
757:
707:
654:
612:
560:
122:
human-readable characters, easily created using a standard computer keyboard. It makes use of
1432:
1361:
1203:
1033:
973:
737:
727:
622:
111:
57:
491:
1584:
1412:
1346:
1303:
1208:
924:
904:
627:
617:
1564:
1445:
1407:
1369:
1284:
1094:
992:
842:
792:
767:
732:
712:
592:
580:
315:
42:
1604:
1473:
1341:
1308:
1004:
965:
934:
929:
782:
772:
742:
1478:
1384:
1178:
1155:
1038:
894:
597:
232:"360 Total Security Anti-virus first impressions: Refreshingly subtle but thorough"
95:
288:
1569:
1529:
1483:
1464:
1417:
1402:
1266:
1262:
1258:
1246:
1183:
978:
812:
787:
752:
587:
1460:
1043:
859:
807:
690:
570:
209:"How To: Test the SmartScreen Filter and Windows Defender Detection Scenarios"
161:
88:
1194:
919:
874:
869:
717:
685:
77:
38:
1504:
1440:
879:
837:
700:
385:
85:
1145:
889:
864:
827:
515:
145:
132:
X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$ H+H*
107:
61:
1105:
442:
802:
747:
662:
411:
99:
135:
The third character is the capital letter 'O', not the digit zero.
1554:
1544:
1522:
1517:
1512:
1271:
157:
119:
65:
103:
81:
34:
1109:
519:
92:
507:. Anti-Malware Testing Standards Organization. Archived from
465:"Exploiting (Almost) Every Antivirus Software – RACK911 Labs"
641:
68:
Feature
Settings Checks are based on the EICAR test string.
505:"The Use and Misuse of Test Files in Anti-Malware Testing"
257:"The Use and Misuse of Test Files in Anti-Malware Testing"
488:(also known as the European Expert Group for IT-Security)
492:
An
Examination of the EICAR's Standard A-V Test Program
483:
308:"The Winds of Change: Updates to the EICAR Test File"
1497:
1459:
1431:
1393:
1360:
1322:
1192:
1169:
953:
653:
553:
160: – a similar test for unsolicited bulk email (
51:European Institute for Computer Antivirus Research
31:European Institute for Computer Antivirus Research
494:Assembly-language analysis of the EICAR test file
372:NinTechNet's updates and security announcements
500:Antivirus results from scanning the EICAR file
1121:
531:
339:Eicar – European Expert Group for IT–Security
29:is a computer file that was developed by the
8:
148:can cause antiviruses to delete themselves.
1489:The quick brown fox jumps over the lazy dog
1128:
1114:
1106:
538:
524:
516:
368:"Anatomy of the EICAR Antivirus Test File"
1082:Security information and event management
439:"Download Anti Malware Testfile – Eicar"
37:(CARO) to test the response of computer
35:Computer Antivirus Research Organization
16:Computer file to test antivirus software
174:
102:, some work-alikes, and its successors
283:
281:
1059:Host-based intrusion detection system
289:"AMTSO Security Features Check Tools"
7:
386:"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
1090:Runtime application self-protection
207:Hay, Richard (12 September 2016).
14:
1022:Security-focused operating system
818:Insecure direct object reference
407:"Virus Profile: EICAR test file"
1590:1951 USAF resolution test chart
1072:Information security management
1:
1560:"The North Wind and the Sun"
183:"Is Your Antivirus Working?"
129:The EICAR test string reads
1342:Trabb Pardo–Knuth algorithm
1077:Information risk management
998:Multi-factor authentication
554:Related security categories
441:(in German). Archived from
332:"EICAR's Test File History"
306:Willems, Eddy (June 2003).
1632:
1611:Computer security software
1540:functions for optimization
1299:Snell & Wilcox SW2/SW4
1054:Intrusion detection system
1012:Computer security software
668:Advanced persistent threat
23:EICAR Anti-Virus Test File
1219:EIA 1956 resolution chart
1141:
639:
633:Digital rights management
1352:Just another Perl hacker
1214:Indian-head test pattern
1151:Reference implementation
778:Denial-of-service attack
673:Arbitrary code execution
1332:"Hello, World!" program
1171:Artificial intelligence
988:Computer access control
940:Rogue security software
603:Electromagnetic warfare
1570:SMPTE universal leader
1277:Philips circle pattern
1034:Obfuscation (software)
763:Browser Helper Objects
647:
80:of between 68 and 128
1029:Data-centric security
910:Remote access trojans
645:
114:and Paul Ducklin and
98:) that can be run by
84:that is a legitimate
1575:EURion constellation
1395:3D computer graphics
961:Application security
855:Privilege escalation
723:Cross-site scripting
576:Cybersex trafficking
547:Information security
1161:Standard test image
1136:Standard test items
608:Information warfare
566:Automotive security
348:on 16 December 2015
124:self-modifying code
1324:Computer languages
1017:Antivirus software
885:Social engineering
850:Polymorphic engine
803:Fraudulent dialers
708:Hardware backdoors
648:
511:on 16 August 2017.
419:on 5 February 2009
266:. 24 February 2012
1598:
1597:
1550:Harvard sentences
1375:Canterbury corpus
1103:
1102:
1065:Anomaly detection
970:Secure by default
823:Keystroke loggers
758:Drive-by download
646:vectorial version
613:Internet security
561:Computer security
374:. 26 August 2021.
1623:
1433:Machine learning
1362:Data compression
1204:SMPTE color bars
1130:
1123:
1116:
1107:
974:Secure by design
905:Hardware Trojans
738:History sniffing
728:Cross-site leaks
623:Network security
540:
533:
526:
517:
512:
487:
486:
484:Official website
469:
468:
461:
455:
454:
452:
450:
445:on 28 April 2022
435:
429:
428:
426:
424:
415:. Archived from
403:
397:
396:
394:
392:
382:
376:
375:
364:
358:
357:
355:
353:
347:
341:. Archived from
336:
327:
321:
320:
312:
303:
297:
296:
285:
276:
275:
273:
271:
261:
253:
247:
246:
244:
242:
227:
221:
220:
218:
216:
204:
198:
197:
195:
193:
179:
112:Padgett Peterson
1631:
1630:
1626:
1625:
1624:
1622:
1621:
1620:
1601:
1600:
1599:
1594:
1585:Webdriver Torso
1535:EICAR test file
1493:
1455:
1427:
1413:Stanford dragon
1389:
1356:
1347:Man or boy test
1318:
1304:Telefunken FuBK
1209:EBU colour bars
1188:
1165:
1137:
1134:
1104:
1099:
949:
649:
637:
628:Copy protection
618:Mobile security
549:
544:
503:
482:
481:
478:
473:
472:
463:
462:
458:
448:
446:
437:
436:
432:
422:
420:
405:
404:
400:
390:
388:
384:
383:
379:
366:
365:
361:
351:
349:
345:
334:
330:Willems, Eddy.
329:
328:
324:
310:
305:
304:
300:
287:
286:
279:
269:
267:
259:
255:
254:
250:
240:
238:
229:
228:
224:
214:
212:
206:
205:
201:
191:
189:
181:
180:
176:
171:
154:
141:
133:
74:
27:EICAR test file
17:
12:
11:
5:
1629:
1627:
1619:
1618:
1613:
1603:
1602:
1596:
1595:
1593:
1592:
1587:
1582:
1577:
1572:
1567:
1562:
1557:
1552:
1547:
1542:
1537:
1532:
1527:
1526:
1525:
1520:
1515:
1507:
1501:
1499:
1495:
1494:
1492:
1491:
1486:
1481:
1476:
1470:
1468:
1457:
1456:
1454:
1453:
1448:
1446:MNIST database
1443:
1437:
1435:
1429:
1428:
1426:
1425:
1420:
1415:
1410:
1408:Stanford bunny
1405:
1399:
1397:
1391:
1390:
1388:
1387:
1385:enwik8, enwik9
1382:
1380:Silesia corpus
1377:
1372:
1370:Calgary corpus
1366:
1364:
1358:
1357:
1355:
1354:
1349:
1344:
1339:
1334:
1328:
1326:
1320:
1319:
1317:
1316:
1311:
1306:
1301:
1296:
1274:
1269:
1221:
1216:
1211:
1206:
1200:
1198:
1190:
1189:
1187:
1186:
1181:
1175:
1173:
1167:
1166:
1164:
1163:
1158:
1153:
1148:
1142:
1139:
1138:
1135:
1133:
1132:
1125:
1118:
1110:
1101:
1100:
1098:
1097:
1095:Site isolation
1092:
1087:
1086:
1085:
1079:
1069:
1068:
1067:
1062:
1051:
1046:
1041:
1036:
1031:
1026:
1025:
1024:
1019:
1009:
1008:
1007:
1002:
1001:
1000:
993:Authentication
985:
984:
983:
982:
981:
971:
968:
957:
955:
951:
950:
948:
947:
942:
937:
932:
927:
922:
917:
912:
907:
902:
897:
892:
887:
882:
877:
872:
867:
862:
857:
852:
847:
846:
845:
835:
830:
825:
820:
815:
810:
805:
800:
795:
793:Email spoofing
790:
785:
780:
775:
770:
765:
760:
755:
750:
745:
740:
735:
733:DOM clobbering
730:
725:
720:
715:
713:Code injection
710:
705:
704:
703:
698:
693:
688:
680:
675:
670:
665:
659:
657:
651:
650:
640:
638:
636:
635:
630:
625:
620:
615:
610:
605:
600:
595:
593:Cyberterrorism
590:
585:
584:
583:
581:Computer fraud
578:
568:
563:
557:
555:
551:
550:
545:
543:
542:
535:
528:
520:
514:
513:
501:
495:
489:
477:
476:External links
474:
471:
470:
456:
430:
398:
377:
359:
322:
316:Virus Bulletin
298:
277:
248:
222:
211:. IT Pro Today
199:
173:
172:
170:
167:
166:
165:
153:
150:
140:
137:
131:
118:to consist of
76:The file is a
73:
70:
43:computer virus
15:
13:
10:
9:
6:
4:
3:
2:
1628:
1617:
1614:
1612:
1609:
1608:
1606:
1591:
1588:
1586:
1583:
1581:
1578:
1576:
1573:
1571:
1568:
1566:
1565:"Tom's Diner"
1563:
1561:
1558:
1556:
1553:
1551:
1548:
1546:
1543:
1541:
1538:
1536:
1533:
1531:
1530:"Bad Apple!!"
1528:
1524:
1521:
1519:
1516:
1514:
1511:
1510:
1508:
1506:
1503:
1502:
1500:
1496:
1490:
1487:
1485:
1482:
1480:
1477:
1475:
1474:Etaoin shrdlu
1472:
1471:
1469:
1466:
1462:
1458:
1452:
1449:
1447:
1444:
1442:
1439:
1438:
1436:
1434:
1430:
1424:
1421:
1419:
1416:
1414:
1411:
1409:
1406:
1404:
1401:
1400:
1398:
1396:
1392:
1386:
1383:
1381:
1378:
1376:
1373:
1371:
1368:
1367:
1365:
1363:
1359:
1353:
1350:
1348:
1345:
1343:
1340:
1338:
1335:
1333:
1330:
1329:
1327:
1325:
1321:
1315:
1312:
1310:
1309:TVE test card
1307:
1305:
1302:
1300:
1297:
1294:
1290:
1286:
1282:
1278:
1275:
1273:
1270:
1268:
1264:
1260:
1256:
1252:
1248:
1244:
1240:
1236:
1232:
1228:
1225:
1224:BBC Test Card
1222:
1220:
1217:
1215:
1212:
1210:
1207:
1205:
1202:
1201:
1199:
1196:
1191:
1185:
1182:
1180:
1177:
1176:
1174:
1172:
1168:
1162:
1159:
1157:
1154:
1152:
1149:
1147:
1144:
1143:
1140:
1131:
1126:
1124:
1119:
1117:
1112:
1111:
1108:
1096:
1093:
1091:
1088:
1083:
1080:
1078:
1075:
1074:
1073:
1070:
1066:
1063:
1060:
1057:
1056:
1055:
1052:
1050:
1047:
1045:
1042:
1040:
1037:
1035:
1032:
1030:
1027:
1023:
1020:
1018:
1015:
1014:
1013:
1010:
1006:
1005:Authorization
1003:
999:
996:
995:
994:
991:
990:
989:
986:
980:
977:
976:
975:
972:
969:
967:
966:Secure coding
964:
963:
962:
959:
958:
956:
952:
946:
943:
941:
938:
936:
935:SQL injection
933:
931:
928:
926:
923:
921:
918:
916:
915:Vulnerability
913:
911:
908:
906:
903:
901:
900:Trojan horses
898:
896:
895:Software bugs
893:
891:
888:
886:
883:
881:
878:
876:
873:
871:
868:
866:
863:
861:
858:
856:
853:
851:
848:
844:
841:
840:
839:
836:
834:
831:
829:
826:
824:
821:
819:
816:
814:
811:
809:
806:
804:
801:
799:
796:
794:
791:
789:
786:
784:
783:Eavesdropping
781:
779:
776:
774:
773:Data scraping
771:
769:
766:
764:
761:
759:
756:
754:
751:
749:
746:
744:
743:Cryptojacking
741:
739:
736:
734:
731:
729:
726:
724:
721:
719:
716:
714:
711:
709:
706:
702:
699:
697:
694:
692:
689:
687:
684:
683:
681:
679:
676:
674:
671:
669:
666:
664:
661:
660:
658:
656:
652:
644:
634:
631:
629:
626:
624:
621:
619:
616:
614:
611:
609:
606:
604:
601:
599:
596:
594:
591:
589:
586:
582:
579:
577:
574:
573:
572:
569:
567:
564:
562:
559:
558:
556:
552:
548:
541:
536:
534:
529:
527:
522:
521:
518:
510:
506:
502:
499:
496:
493:
490:
485:
480:
479:
475:
466:
460:
457:
444:
440:
434:
431:
418:
414:
413:
408:
402:
399:
387:
381:
378:
373:
369:
363:
360:
344:
340:
333:
326:
323:
318:
317:
309:
302:
299:
294:
290:
284:
282:
278:
265:
258:
252:
249:
237:
233:
226:
223:
210:
203:
200:
188:
184:
178:
175:
168:
163:
159:
156:
155:
151:
149:
147:
138:
136:
130:
127:
125:
121:
117:
113:
109:
105:
101:
97:
94:
90:
87:
83:
79:
71:
69:
67:
63:
59:
54:
52:
46:
44:
40:
36:
32:
28:
24:
19:
1534:
1479:Hamburgevons
1193:Television (
1179:Chinese room
1156:Sanity check
1039:Data masking
598:Cyberwarfare
509:the original
459:
449:22 September
447:. Retrieved
443:the original
433:
421:. Retrieved
417:the original
410:
401:
389:. Retrieved
380:
371:
362:
350:. Retrieved
343:the original
338:
325:
314:
301:
292:
268:. Retrieved
251:
239:. Retrieved
235:
225:
213:. Retrieved
202:
190:. Retrieved
186:
177:
142:
134:
128:
96:machine code
91:file (plain
75:
55:
47:
33:(EICAR) and
26:
22:
20:
18:
1484:Lorem ipsum
1465:filler text
1418:Utah teapot
1403:Cornell box
1184:Turing test
979:Misuse case
813:Infostealer
788:Email fraud
753:Data breach
588:Cybergeddon
230:Hess, Ken.
1616:Test items
1605:Categories
1461:Typography
1044:Encryption
920:Web shells
860:Ransomware
808:Hacktivism
571:Cybercrime
498:VirusTotal
169:References
162:email spam
116:engineered
89:executable
58:compressed
1580:Shakedown
1195:test card
875:Shellcode
870:Scareware
718:Crimeware
678:Backdoors
78:text file
39:antivirus
1505:3DBenchy
1441:ImageNet
1049:Firewall
954:Defenses
880:Spamming
865:Rootkits
838:Phishing
798:Exploits
241:17 April
192:17 April
152:See also
146:symlinks
139:Adoption
62:archived
1293:PM 5644
1289:PM 5544
1285:PM 5540
1281:PM 5538
1146:Pangram
890:Spyware
833:Payload
828:Malware
768:Viruses
748:Botnets
655:Threats
391:21 July
108:Windows
1084:(SIEM)
1061:(HIDS)
945:Zombie
682:Bombs
663:Adware
412:McAfee
270:3 July
215:3 July
100:MS-DOS
72:Design
1555:Lenna
1545:GTUBE
1509:Acid
1498:Other
1337:Quine
1272:ETP-1
930:Worms
925:Wiper
843:Voice
691:Logic
423:9 May
352:9 May
346:(PDF)
335:(PDF)
311:(PDF)
293:AMTSO
264:AMTSO
260:(PDF)
236:ZDNet
187:PCMAG
158:GTUBE
120:ASCII
82:bytes
66:AMTSO
1451:List
1423:List
1314:UEIT
696:Time
686:Fork
451:2020
425:2020
393:2019
354:2020
272:2019
243:2017
217:2019
194:2017
106:and
104:OS/2
86:.com
21:The
701:Zip
93:x86
60:or
25:or
1607::
1291:,
1287:,
1283:,
1265:,
1261:,
1257:,
1253:,
1249:,
1245:,
1241:,
1237:,
1233:,
1229:,
409:.
370:.
337:.
313:.
291:.
280:^
262:.
234:.
185:.
53:.
45:.
1523:3
1518:2
1513:1
1467:)
1463:(
1295:)
1279:(
1267:X
1263:W
1259:J
1255:H
1251:G
1247:F
1243:E
1239:D
1235:C
1231:B
1227:A
1197:)
1129:e
1122:t
1115:v
539:e
532:t
525:v
467:.
453:.
427:.
395:.
356:.
319:.
295:.
274:.
245:.
219:.
196:.
164:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.