How to test your antivirus software?


Marik

You installed an antivirus, commercial or not, and you would like to know whether it is well configured, that it is active and that you are well protected. It is not recommended to play with fire and visit dangerous websites to check whether your antivirus can detect any kind of virus. You would indeed be likely to expose your computer to a very significant risk, which can go as far as the compromise of your computer and the loss of data.

To test your antivirus in full safety, you can use the Eicar test file. This file is detected as a virus by antivirus programs, but it is not one; it does not contain any viral code. If the false virus is detected, it means that your antivirus is active and protects you.

1. To create this false virus, you simply need to create a file in Windows. Click on the Start button, All Programs, Accessories, then on Notepad.

2. Then copy the following character string into Notepad:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Type above line of text within Notepad

3. Then save the file by clicking on File, then Save as.

4. Open the “Save as type” list, then select the option All files.

5. Enter the file name eicar.com in the File name field. Choose the location where you want to save it (on the Desktop) and then click on the Save button.

6. If your antivirus is correctly activated, it must then alert you instantly to the presence of the Eicar virus.

7. Then ask your antivirus to remove the file. In my case I had installed Norton Internet Security and the file was recognized and removed automatically without any additional action from me.

Norton Internet Security recognized the Eicar virus immediately after I clicked on the Save button

If your antivirus does not see anything, then you have a problem. It could be for one of two reasons: permanent protection is badly configured, or there were some problems during antivirus installation. Then you have to read the documentation of your software to correct this problem.

If the false virus is still not detected, you must then seriously think about changing your antivirus software.

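Added example, not part of the original post: a Python script that automates steps 1 to 6 above and also checks that a saved file still meets EICAR's definition of the test file (the 68 bytes first, then only whitespace, 128 bytes at most), which a Notepad save in a Unicode encoding would break. The function names and result labels are made up for this example.

```python
import os
import tempfile
import time

# The 68-byte test string from the post, split in two so that this script
# is not itself flagged when it is saved to disk.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" +
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
ALLOWED_TRAILING = b" \t\r\n\x1a"   # space, tab, CR, LF, Ctrl-Z


def is_valid_test_file(data: bytes) -> bool:
    """True if data starts with the 68 bytes, is followed only by
    whitespace, and is at most 128 bytes long in total."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_TRAILING for b in data[len(EICAR):])


def probe_realtime_protection(directory: str, wait_seconds: float = 5.0) -> str:
    """Write eicar.com into directory and report what happened to it."""
    path = os.path.join(directory, "eicar.com")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked-on-write"      # the write itself was refused
    deadline = time.monotonic() + wait_seconds
    while True:
        try:
            with open(path, "rb") as fh:
                if fh.read() != EICAR:
                    return "modified"  # content replaced or truncated
        except FileNotFoundError:
            return "removed"           # deleted or quarantined
        except OSError:
            return "access-blocked"    # file exists but cannot be read
        if time.monotonic() >= deadline:
            break
        time.sleep(0.5)
    os.remove(path)                    # nothing reacted: clean up
    return "not-detected"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("real-time protection result:", probe_realtime_protection(tmp))
```

Any result other than "not-detected" means the on-access scanner reacted to the file; "not-detected" corresponds to the "you have a problem" case described in the post.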

there is a downside to this test. the antivirus companies know they have to find this one text virus or they are !@#$.

so important that norton gives it a high risk. lol. that one test they mustn't fail.



Is there a technical explanation as to why this line is supposed to be detected as malicious? Is it because of the .com file extension?



no...not really...you can rename the extension to whatever you like...".exe" ".bmp" ".dll"...and so forth...

the explanation is quite easy...those numbers/letters emulate a virus alert that is used to test AVs...there's nothing more to it than that, it's just a simple script



einstürzende

Ok, here is source site for testing:

http://www.eicar.org/anti_virus_test_file.htm

On that site you can find eicar (standard AV test file) provided on HTTP(80), HTTPS(443) protocols and also in .txt and .com format, zipped onto two level..., very useful set of scenarios for testing your AV real time detection capabilities...

Sorry for bad Aenghleaze, I know....

Thanks



Cool the file is already done for you in other formats and stuff.. ;)



great, thanks. is there another kind of test that can be used to test your antivirus program's effectiveness? Or maybe one for firewalls?



einstürzende

P.S. I can pm you with virus collector address for further testings, I am pretty sure that link will be removed from my post...

Edit:

OK, I will try:

http://vx.netlux.org/

Click on the collection link on that site, WARNING: REAL VIRUSES/MALWARE, pretty well organized (named by Kaspersky's virus terminology - very popular among virus collectors), zipped and "extensionless" - (inside zip archives), so chances of self-infection are minimal...

On that site you can find various "vxers" stuff, which some people consider dangerous for PC security and illegal to have and/or distribute.

Thanks

Note to mods and admins:

please feel free to delete post/link if you want...

Edit2:

There is a "slight" possibility that your AV will not "see" malware on that site in the downloading phase (by the protocol/port scanning component of your AV - in case your AV solution has that module/component), that is because some of the files (malware) from that site are provided via FTP on the "194.109.206.210" IP address or the "outpost.zedz.net" domain.

The FTP protocol is very rarely or never scanned by AVs.

FW rule should be: allow outbound TCP connection on 194.109.206.210 - in case you cannot download some files from that site



Archived

This topic is now archived and is closed to further replies.
