Downloads / EICAR Test Files

The EICAR antivirus test file is used for determining if an antivirus product will sufficiently detect viruses. This test file is not a real virus and is only used for testing the effectiveness of antivirus products.

For more information on this file, and it's history, see the EICAR web site.

How To Use

Download the "eicar.com" test virus and a virus signature for the test virus "eicar.vdl" to your target machine and execute UAD and VFind as shown to test the sample. Please be sure to download the .com and .vdl files.

Version 2 (Current Version)

The EICAR Version 2 test suite was made necessary, when some viruses started to use the EICAR test string as camouflage. Many antivirus products would detect the EICAR string and not report the virus. This was never a problem with our VFind Tool, which reported both the virus and the EICAR test string. The problem was corrected when the EICAR changed the test standard, so that the test would only be positive if the string was exact and did not contain any additional bytes of data either before or after the test string. According to the standard, any antivirus product which detects the EICAR test string as a subset of a byte stream of data would fail the test - this test suite conforms to the standard. Please read the Version 2 EICAR like test suite below.

eicar2.com

EICAR 2 Test Virus (this is not a real virus)

eicar2.vdl

EICAR 2 Virus Signature

Version 2 (Non Standard)

This version does not conform to the EICAR test standard. It will detect the test string even as a subset of a larger byte stream. This test suite is the same as the obsolete Version 1 test suite.

eicar2_nonstd.com

EICAR 2 (Non Standard) Test Virus (this is not a real virus)

eicar2_nonstd.vdl

EICAR 2 (Non Standard) Virus Signature

Version 1

This version of the EICAR test suite has been officially made obsolete by EICAR and is included here for completeness.

eicar1.com

EICAR 1 Test Virus (this is not a real virus)

eicar1.vdl

EICAR 1 Virus Signature