Testing Symantec Scan Engine 5.x with the EICAR test virus
|Article:TECH134229|||||Created: 2010-01-24|||||Updated: 2010-01-24|||||Article URL http://www.symantec.com/docs/TECH134229|
What to expect when testing Symantec Scan Engine 5.x with the Eicar test virus?
Symantec Scan Engine is able to catch the eicar test string in a file, the eicar string being, "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* ". Although this eicar test file cannot have any characters before the eicar string, or it will no longer be considered the eicar test virus and will not be caught by Symantec Scan Engine. The only characters that can be placed after the eicar string are space characters, tab, LF, CR, but the total length of the file cannot exceed 128 characters, or again it will no longer be considered the eicar test virus and will not be caught by Symantec Scan Engine.
This is a quote from the eicar site, and what to expect from AV products that support the eicar test virus,
“Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:
The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. “
Article URL http://www.symantec.com/docs/TECH134229