User Guide

Testing application operability 69

6.2. Testing the application using

EICAR

This test "virus" recommended for application testing has been developed by

(The European Institute for Computer Anti-Virus Research) specifically

for the purpose of verification of the anti-virus software operation.

It IS NOT A VIRUS and contains no code that may harm your computer.

However, most products of anti-virus vendors identify it as a virus (The European

Institute for Computer Antivirus Research).

Never use real viruses to test the operation of your anti-virus

application!

The test "virus" can be downloaded from the official site of EICAR at:

http://www.eicar.org/anti_virus_test_file.htm

. If you have no Internet access, you

can create a test "virus" manually. To do so, enter the line below in any text

editor and save the file as eicar.com:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file that you downloaded from the EICAR site or created in a text editor as

described above, contains the body of a standard test "virus". The anti-virus

application will detect it, flag it as Infected and perform the specified action for

objects with this status.

To test the application's response to other types of objects, modify the body of

the standard test "virus" by adding one of the prefixes below (see Table 1).

You can verify the proper operation of Kaspersky SMTP-Gateway

using modifications of the EICAR "virus" only if your anti-virus

databases were last updated on or after October 24, 2003, or has the

cumulative updates for October 2003.

Table 1. Test "virus" modifications

Prefix Object type

No prefix,

standard test

"virus""

Infected. An error occurs during disinfection. The object will

then be deleted.

CORR–

Corrupted.

SUSP–

Suspicious (unknown virus code).

WARN–

Suspicious (modified code of a known virus).