| Thread ID: 32287 | 2003-04-14 11:00:00 | FAQ #15: How can I check that my anti-virus program is working? | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 135767 | 2003-04-14 11:00:00 | Most of us have an anti-virus program installed, and we update it regularly, but how do we know it is working? The short answer is, unless you have the misfortune to receive a virus via email or while surfing, you simply won't know whether it is working or not. So, rather than waiting for a genuine nasty to strike, to check that your AV program really is working you can load a test-virus signature into your system to give your protection a genuine test. Note: These are not real viruses, they are simple code strings that exhibit virus-like characteristics and so can be detected by AV programs. The test signatures can be downloaded from This Site (www.eicar.org/anti_virus_test_file.htm), but I have provided a basic example below: X50!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE !$H+H* As the internal text string states, this is the standard eicar anti-virus test signature. Copy and paste it into notepad, then save it as eicar.com. Put the file into a separate folder on its own (I call mine Test Virus) and it should be found during every scheduled scan. You can put the folder anywhere you want it, but it is best kept somewhere easy to find for manual checks. If your AV program is on the ball you may have problems saving the file without it being detected and repaired, so I recommend that you turn off your AV program while installing. If you can't turn it off, it may be necessary to save it as eicar.txt, then find it in explorer and rename it as eicar.com. Don't set your AV options to automatically repair infected files because the test virus will be disabled the first time your anti-virus program runs. Instead, set it to advise or notify that a suspected virus has been detected then cancel out after the scan. Provided that eicar is the only suspect named, you can safely ignore the program warnings that you may still have a virus.
Once the test virus has been successfully installed in your chosen folder, do a manual scan and your AV program should find it and blow the whistle. If it doesn't, check to make sure you haven't accidentally added any hidden spaces at the beginning or end of the string. I also recommend that you keep a spare copy of the test virus on a CD or write-protected floppy in case you accidentally allow your AV program to "fix" your test file. This also allows the effectiveness of "auto protect" systems that monitor file transfers from removable media to be monitored. Just try to copy the file to your test virus folder! Cheers Billy 8-{) |
Billy T (70) | ||
| 135768 | 2003-04-14 22:08:00 | Please post any comments on this thread folks. The earlier one was a draft only that got posted accidentally. I'll answer Pauline's question posted in the earlier version in this thread later when I get back from doing some work.:D Cheers Billy 8-{) |
Billy T (70) | ||
| 135769 | 2003-04-14 22:46:00 | > Please post any comments on this thread folks. Oh, cool! :D OK then, may I suggest that you explain how to save the eicar.com file in Notepad. I am guessing that quite a few inexperienced people will not know that they need to choose the "All files" option when saving so that the file does not become eicar.com.txt. Apart from that it is pretty good, Billy. :-) |
Susan B (19) | ||
| 135770 | 2003-04-15 04:48:00 | Thanks Sis :x I'll do that. I usually try to see things through the eyes of a novice but sometimes the vision gets clouded.:p Actually, I decided to flesh out my earlier Eicar post into a full FAQ because although we don't get asked this question very often, our PF1 regulars didn't have an FAQ to send people to if they thought they needed to check the operability of their AV setup. It was a missing link so to speak. Cheers Billy 8-{) :D |
Billy T (70) | ||
| 135771 | 2003-04-15 05:28:00 | Don't you just need to download Kazaa and download lots of stuff? Or turn off your firewall, and browse around the adult sites? :D | Graham L (2) | ||
| 135772 | 2003-04-15 05:50:00 | >How can I check that my anti-virus program is working? install a virus ;) |
sc0ut (2899) | ||
| 135773 | 2003-04-15 05:53:00 | I thought of that Graham, but I couldn't get hold of your email address to send them all to you for personalised assistance if their system got munged by all those virii :p Post your email addy here:.................................... Cheers Billy 8-{) :D |
Billy T (70) | ||
| 135774 | 2003-04-15 07:51:00 | Now this is interesting. I tried that one out using the eicar string. Followed Billy's instructions exactly (in fact saved it as each of eicar.txt, eicar.com and eicar.exe). Used AVG (with latest updated signatures) and no indication of any response to any of these files. I converted the non-text ones back to text and the string was unchanged. So! That gets us back to Iuvenal's ancient question Quis custodiet ipsos custodes? which for present purposes can fairly translate as Who diagnoses the diagnostician? Is the problem with the virus checker, or is it with the checker of the virus checker, or is it ? I must check that one out further. |
rugila (214) | ||
| 135775 | 2003-04-15 08:00:00 | I found that pasting Billy T's text and renaming it as .com or .exe did not work. Downloading the eicar test files did however. Not sure why it never worked from the string, as it worked from the test files downloaded, I did not investigate. I run eicar about twice a year as a confirmation AV software is working. |
godfather (25) | ||
| 135776 | 2003-04-15 12:51:00 | Yes, I agree with Godfather -- Billy's text did not work with my AVG either, but the text from the eicar site did. Must be something wrong with the forum's version somehow. |
Susan B (19) | ||
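
Added example (not part of the original thread): a Python check for why a hand-pasted test file goes undetected, as the last three posts report. It compares a candidate file with the standard 68-character EICAR string, which may be followed only by whitespace and must not exceed 128 bytes in total. `diagnose` and `AS_POSTED` are names chosen for this example, and `AS_POSTED` is the string exactly as it appears in the first post above.

```python
import difflib
import sys

# Reference test string, split in two so this script is not itself flagged.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TRAILING_OK = " \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z may follow the string
MAX_LEN = 128                # whole file must not exceed this many bytes

# The string exactly as it appears in the first post of this thread.
AS_POSTED = r"X50!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE !$H+H*"


def diagnose(data: bytes) -> list[str]:
    """List the reasons `data` is not a valid EICAR test file ([] if valid)."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["saved as UTF-16 (Notepad 'Unicode'); save as ANSI instead"]
    problems = []
    if len(data) > MAX_LEN:
        problems.append(f"file is {len(data)} bytes, limit is {MAX_LEN}")
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte-order mark before the string")
        data = data[3:]
    text = data.decode("latin-1")
    body = text.lstrip(" \t\r\n")
    if len(body) != len(text):
        problems.append(f"{len(text) - len(body)} whitespace character(s) before the string")
    body = body.rstrip(TRAILING_OK)
    # Character-level diff against the reference; offsets count from the
    # first non-whitespace character of the file.
    matcher = difflib.SequenceMatcher(None, body, EICAR, autojunk=False)
    for tag, a1, a2, b1, b2 in matcher.get_opcodes():
        if tag == "replace":
            problems.append(f"offset {a1}: found {body[a1:a2]!r}, expected {EICAR[b1:b2]!r}")
        elif tag == "delete":
            problems.append(f"offset {a1}: extra {body[a1:a2]!r}")
        elif tag == "insert":
            problems.append(f"offset {a1}: missing {EICAR[b1:b2]!r}")
    return problems


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the posted string.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else AS_POSTED.encode("ascii")
    for line in diagnose(data) or ["valid EICAR test file"]:
        print(line)
```

Run against the posted string, it reports a digit zero where the reference has the letter O at offset 2 and an extra space at offset 62, either of which is enough for a scanner to ignore the file.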