Monday, February 18, 2013

How to Test the Working of Your Antivirus

Have you ever wondered how to test your antivirus software so as to ensure it’s proper working? Well, here is a quick and easy way to test your antivirus. The process is called EICAR test. This test is designed to work on any antivirus software and was developed by European Institute of Computer Antivirus Research.
This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer.
Here is a step-by-step procedure to test your antivirus:
  1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.
    EICAR Test code
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  2. Rename the file from “New Text Document.TXT” to “virus-sample.com”.
  3. Now run the antivirus scan on this “virus-sample.com” file.
If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.
NOTE: Most antivirus will pop-out a warning message in the Step-1 itself.
You can also place the “virus-sample.com” file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus while scanning this file should respond exactly as it will do for a genuine virus/malicious code.
This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence, it is the safest method to test the proper functioning of any antivirus.

How EICAR Test Works?

During the development of the antivirus software, the AV programmers flag the EICAR test code/string as a verified virus. This is a standard adopted by every AV company so as to make the testing process simple and risk-free. Therefore, every antivirus will respond to EICAR string in the same way it does for a genuine malicious code.