Thread ID: 32286 2003-04-14 10:49:00 FAQ #15 How do I check if my anti-virus is working? Billy T (70) Press F1
Post ID Timestamp Content User
135753 2003-04-14 10:49:00 Most of us have an anti-virus program installed, and we update it regularly, but how do we know it is working? The short answer is, unless you have the misfortune to receive a virus via email or while surfing, you simply won't know whether it is working or not.

So, rather than waiting for a genuine nasty to strike, to check that your AV program really is working you can load a test-virus signature into your system to give your protection a genuine test.

Note: These are not real viruses, they are simple code strings that exhibit virus-like characteristics and so can be detected by AV programs.

The test signatures can be downloaded from This Site (www.eicar.org/anti_virus_test_file.htm), but I have provided a basic example below:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

As the internal text string states, this is the standard eicar anti-virus test signature. Copy and paste it into notepad, then save it as eicar.com.

Put the file into a separate folder on its own (I call mine Test Virus) and it should be found during every scheduled scan. You can put the folder anywhere you want it, but it is best kept somewhere easy to find for manual checks.

If your AV program is on the ball you may have problems saving the file without it being detected and repaired, so I recommend that you turn off your AV program while installing. If you can't turn it off, it may be necessary to save it as eicar.txt, then find it in explorer and rename it as eicar.com.

Don't set your AV options to automatically repair infected files because the test virus will be disabled the first time your anti-virus program runs. Instead, set it to advise or notify that a suspected virus has been detected then cancel out after the scan. Provided that eicar is the only suspect named, you can safely ignore the program warnings that you may still have a virus.

Once the test virus has been successfully installed in your chosen folder, do a manual scan and your AV program should find it and blow the whistle. If it doesn't, check to make sure you haven't accidentally added any hidden spaces at the beginning or end of the string.

I also recommend that you keep a spare copy of the test virus on a CD or write-protected floppy in case you accidentally allow your AV program to "fix" your test file. This also allows the effectiveness of "auto protect" systems that monitor file transfers from removable media to be monitored. Just try to copy the file to your test virus folder!

Cheers

Billy 8-{)
Billy T (70)
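The "hidden spaces" check from the post above, done byte by byte. This is an added example, not part of the original post: the function name diagnose, the script name and the sample inputs are made up for illustration, and it assumes the test string is the standard 68-byte EICAR string.

```python
import sys

# The 68-byte test string, built from two parts so that a scanner
# does not flag this script itself.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BOMS = {b"\xef\xbb\xbf": "UTF-8", b"\xff\xfe": "UTF-16", b"\xfe\xff": "UTF-16"}


def diagnose(data):
    """Return the reasons why `data` is not the exact test string ([] if it is)."""
    problems = []
    for bom, name in BOMS.items():
        if data.startswith(bom):
            problems.append(f"saved as {name} with a byte-order mark; re-save as ANSI")
            if name == "UTF-16":
                return problems  # every character is two bytes; nothing else to compare
            data = data[len(bom):]
    if data != data.lstrip():
        problems.append("whitespace before the string")
    if data != data.rstrip():
        problems.append("whitespace or newline after the string")
    core = data.strip()
    if len(core) != len(EICAR):
        problems.append(f"string is {len(core)} bytes, expected {len(EICAR)}")
    for pos, (got, want) in enumerate(zip(core, EICAR), start=1):
        if got != want:
            problems.append(f"byte {pos} is {chr(got)!r}, expected {chr(want)!r}")
            break  # later bytes are shifted, so only the first difference is useful
    return problems


# Constructed samples of the usual copy-and-paste mistakes.
SAMPLES = {
    "exact": EICAR,
    "leading space": b" " + EICAR,
    "trailing newline": EICAR + b"\r\n",
    "zero for letter O, stray space": EICAR.replace(b"X5O", b"X50").replace(b"FILE!", b"FILE !"),
}

if __name__ == "__main__":
    # Usage: python check_eicar.py eicar.com   (hypothetical script name)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(diagnose(fh.read()) or "file matches the test string")
    else:
        for label, sample in SAMPLES.items():
            print(label, "->", diagnose(sample) or "ok")
```

Run it against the saved file with the AV program's on-access scanning paused, otherwise the file may be blocked before the script can read it.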
135754 2003-04-14 11:31:00 Ignore this one please fellas & fellesses :)

It got posted accidentally during a browser freeze and I didn't know it had gone. I was still editing. :|

Cheers

Billy 8-{)

How embarrassing :8}
Billy T (70)
135755 2003-04-14 20:16:00 Had a look at that, sounds too convoluted for me, will use the crossed fingers method ;) Thomas (1820)
135756 2003-04-14 21:17:00 Hi Billy T,
I installed the Eicar Test Virus when you posted about it last time. Norton's always shows it up when doing a virus scan so that's good. It is sitting in Quarantine, is this where I can leave it? Whenever I do a clean out of the Quarantine I leave that one in there.
I was telling a friend about it but he seems to think that people could change the code of it & then it becomes a real virus. Is that possible? This is starting to get way out of my league when people start talking about changing codes.
Pauline.
Pauline (641)