EICAR Standard Anti-Virus Test File

Me, myself & IT

EICAR Standard Anti-Virus Test File

Purpose
Background Information
Alternative Formats
Authenticity and Integrity
Download
Installation: Automatic online installation; Manual offline installation
Deinstallation

Purpose

The setup script EICAR.INF creates

an entry MS-DOS Application in the New context menu of Windows Explorer to create the EICAR standard anti-virus test file;
a bookmark EICAR.URL in the current user’s Favorites folder that contains a data URL which creates the EICAR anti-virus test file when opened in a current WWW browser.

Background Information

The anti-virus test file EICAR.COM is a 16-bit real mode DOS program that prints the text

EICAR-STANDARD-ANTIVIRUS-TEST-FILE!

upon execution. Its binary code

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

is a pure ASCII text of 68 bytes length which should be detected by every anti-virus program.

Alternative Formats

The EICAR anti-virus test file can also be created directly by current WWW browsers through data URLs in the following file formats:

a 16-bit real mode DOS program EICAR.COM
a (compressed) cabinet archive EICAR.CAB containing EICAR.COM
a (compressed) ZIP archive EICAR.ZIP containing EICAR.COM
a (compressed) jar archive eicar.jar containing EICAR.COM
a tar archive eicar.tar containing EICAR.COM
a (compressed) gzip file eicar.gz containing EICAR.COM

Authenticity and Integrity

EICAR.CAB is digitally signed using an X.509 certificate issued by WEB.DE TrustCenter E-Mail Certification Authority.

Serial number of the certificate: 0x04605052 = 73420882
Fingerprint of the certificate: MD5: e5 0b 01 66 ce 2e 7a 03 f4 98 39 37 f6 f9 9f ba; SHA-1: 79 05 5d 63 2f 03 31 83 04 e2 ff 3b 25 b9 cc b6 70 ad ec 31

Download and install the CA and root X.509 certificates of WEB.DE to validate and verify the digital signature.

Note: unfortunately WEB.DE abandoned their trust center in 2018 and removed all pages and download links in 2019; fortunately the Wayback Machine archived the TrustCenter page, the CA and the root certificate.

Note: due to its counter signature alias timestamp the digital signature remains valid past the X.509 certificates expiration date!

Download

The shortcut icon EICAR.ICO and the setup script EICAR.INF are packaged in the (compressed and digitally signed) cabinet file EICAR.CAB.

Installation

Installation requires no administrative privileges and access rights.

Automatic online installation

When visited with Internet Explorer, this web page will prompt to install (the contents of) the package using Internet Component Download.

Manual offline installation

Download the package EICAR.CAB and verify its digital signature, then open it in Windows Explorer, extract its contents, right-click the extracted setup script EICAR.INF to display its context menu and click Install to run the installation.

Note: on Windows Vista and newer versions of Windows NT, InfDefaultInstall.exe, the application registered for the Install verb of *.inf files, requests administrative privileges.

Deinstallation

Not provided.

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.