EICAR-Test-File is a 68-byte file with the .com extension which is detected as EICAR-Test-File by antivirus software. This is not a virus; it's a test file that displays a text message and returns the control to the operating system.
Earlier, antivirus software vendors added various test files which simulated virus behavior to their antivirus packages to show how virus detection works in their solutions.
Later, they came to an agreement about developing a standard virus simulator which consists of text messages only. The latter allows any user to create such a "virus" manually (for example, by copying it from the documentation). The resulting .com file looks like this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
If you copy and paste this text or enter it by command "copy con test.com", and run the resulting .com file, it will output the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE! and return the control to the operating system. Most of antivirus software will detect it as EICAR-Test-File.
You can download the eicar.com test file which is ready to use from the Kaspersky Lab server by following this link: eicar.zip
