We are currently building a product that allows users to upload a file that we will then place on a publicly-available website. One of the requirements is that we check the uploaded file for viruses first. This presented an interesting testing opportunity.
Our enterprise anti-virus software can scan the uploaded files, and delete them if a virus is detected before they are moved to the externally-accessible location. But how to test this? We couldn't use a real virus - that's far too dangerous.
Fortunately, there's a nice solution. EICAR, the European Institute for Computer Antivirus Research, in conjunction with most major anti-virus vendors, has created a file that is not a virus itself, but will cause most anti-virus software to react as if it were a virus.
If you copy the following 68-character string into Notepad and save it to a text file, your anti-virus software will treat that file as if it contained a virus:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(Or download one of the files from http://www.eicar.org/anti_virus_test_file.htm)
For my tests, I simply had to take this file to a machine that had its own anti-virus software temporarily turned off, then submit it to the new product.
- Test completed.
- The product reacted as expected.
- The appropriate message was written to the event log.
- The appropriate warning message was displayed to the user.
- The "pseudo-infected" file was deleted and not made public.
- Test Passed!
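The file-system half of this test can be scripted. The following is an added example, not code from the original post or the product: it builds the test file and checks that it was deleted and never published. The function names, the file name `eicar_test.txt`, and the staging and public paths are assumptions for illustration.

```python
import os
import time

# The 68-character EICAR string from the post, split in two so a scanner on the
# development machine does not quarantine this test script itself.
_PART_A = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
_PART_B = rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    """Return the test string, refusing to continue if it was mangled."""
    data = _PART_A + _PART_B
    if len(data) != 68:
        raise ValueError("EICAR test string must be exactly 68 bytes")
    return data


def write_fixture(directory: str, name: str = "eicar_test.txt") -> str:
    """Write the test file in binary mode (no newline or BOM added)."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(eicar_bytes())
    return path


def wait_for_removal(path: str, timeout: float = 30.0, interval: float = 0.5) -> bool:
    """Poll until the scanner has deleted `path`; False if it is still there."""
    deadline = time.monotonic() + timeout
    while os.path.exists(path):
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)
    return True


def upload_outcome(staging_path: str, public_path: str, timeout: float = 30.0) -> dict:
    """Summarise the two file-system checks from the test: deleted, not public."""
    removed = wait_for_removal(staging_path, timeout)
    return {"removed": removed, "published": os.path.exists(public_path)}
```

A passing run returns `{"removed": True, "published": False}`; the event log entry and the user-facing warning still need their own checks against the product.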
See also:
http://en.wikipedia.org/wiki/EICAR_test_file
http://antivirus.about.com/od/whatisavirus/a/eicar.htm
http://www.anti-malware.info/weblog/2006/09/eicar-anti-virus-test-file-changed.html