Safely test antivirus software with EICARgen
Your antivirus software claims to be working all the time, monitoring every file you access for any potential threats -- but is that really the case? EICARgen can help you find out.
This tiny freebie has a single task: to generate the EICAR Anti-Virus Test File on demand. EICAR isn’t an actual virus, not even executable code (it’s just a few characters of text), so it can’t harm your system in any way. But it is something which all antivirus programs should detect as a threat, making it very useful for testing.
EICARgen is a console-based tool, and is easiest to run from a shortcut. Download and unzip the program, and configure it like this.
Click in the "Target" box and surround the path with quotes, like: "C:\Users\mike\Downloads\EICARgen_V2_1\EICARgen.exe"
At the end of that text, add a space, and the file type you’d like to create (zip, pdf, xls). Try zip, so it looks something like "C:\Users\mike\Downloads\EICARgen_V2_1\EICARgen.exe" zip
Double-click your shortcut, and wait. On our Norton-protected PC, Explorer showed eicar.zip appear immediately but there was no security response. This isn’t unusual: most antivirus tools limit their archive scanning for performance reasons (if you don’t mind slower scanning you can probably enable or extend archive checking in your settings).
If it’s the same with you, try extracting the contents or opening the file. We right-clicked eicar.zip, selected 7-Zip > Extract to… and that’s where Norton stepped in, detecting the test file, deleting it and raising an alert.
Once you’ve completed that test, try replacing the zip switch in the shortcut with xls to create a new spreadsheet, and see how your system responds.
The test PDF file is even more interesting, because it shouldn’t be detected itself. Instead it displays an explanatory message, and uses an embedded script to create an EICAR test file whenever you click inside a rectangle. This worked faultlessly on our test PC -- the PDF loaded, Norton stepped in as soon as we clicked -- and may also be useful when testing security on other PDF-enabled platforms or devices.
EICARgen is an interesting tool, and a handy way to test your antivirus software, but just be careful what you do with it. EICAR test files are completely harmless, but if you email someone a copy of eicar.zip, and it raises an alert, they won’t necessarily realize that. If you must share EICAR files, make sure the recipient fully understands what you’re doing, before you actually do it.
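The zip-versus-extracted behaviour described above can also be checked from a script. This is an added example, not part of EICARgen or the original article: it writes the test file first inside a zip and then as a bare file, and reports what the on-access scanner did with each. The standard 68-byte EICAR string is supplied here (the article does not print it), and the function names, file names and three-second wait are assumptions.

```python
import io, os, tempfile, time, zipfile

# Standard 68-byte EICAR test string (not printed in the article), split in
# two so that a scanner does not flag this script itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         r"ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def make_zip(payload, member="eicar.com"):
    """Return the bytes of a zip archive holding payload as one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()

def probe(path, payload, wait=3.0):
    """Write payload, give the scanner time to react, report the outcome."""
    try:
        with open(path, "wb") as f:
            f.write(payload)
    except OSError:
        return "blocked on write"
    time.sleep(wait)
    try:
        with open(path, "rb") as f:
            data = f.read()
    except FileNotFoundError:
        return "removed"            # scanner deleted or quarantined the file
    except OSError:
        return "blocked on read"    # scanner is denying access to the file
    return "not detected" if data == payload else "modified"

def run_checks(directory, wait=3.0):
    """Probe the archive first, then the bare file, in the article's order."""
    results = {}
    for name, payload in (("eicar.zip", make_zip(EICAR)), ("eicar.com", EICAR)):
        path = os.path.join(directory, name)
        results[name] = probe(path, payload, wait)
        try:
            os.remove(path)         # clean up anything the scanner left behind
        except OSError:
            pass
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, outcome in run_checks(d).items():
            print(f"{name}: {outcome}")
```

A result of "not detected" for eicar.zip alongside "removed" or "blocked on read" for eicar.com matches what the article saw with Norton: the archive is left alone until its contents reach the disk.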