The EICAR antivirus test file is used for determining if an antivirus product will sufficiently detect viruses. This test file is not a real virus and is only used for testing the effectiveness of antivirus products.
For more information on this file and it's history, see the EICAR web site.
Download the "eicar.com" test virus and a virus signature for the test virus "eicar.vdl" to your target machine and execute UAD and VFind as shown to test the sample. Please be sure to download the .com and .vdl files.
The EICAR Version 2 test suite was made necessary when some viruses started to use the EICAR test string as camouflage. Many antivirus products would detect the EICAR string and not report the virus. This was never a problem with VFind which reported both the virus and the EICAR test string. The problem was corrected when the EICAR changed the test standard so that the test would only be positive if the string was exact and did not contain any additional bytes of data either before or after the test string. According to the standard, any antivirus product which detects the EICAR test string as a subset of a byte stream of data would fail the test - this test suite conforms to the standard. Please read the Version 2 EICAR like test suite below.
This version does not conform to the EICAR test standard. It will detect the test string even as a subset of a larger byte stream. This test suite is the same as the obsolete Version 1 test suite.