The Definition of an EICAR Test File

Cyber crime, conceptual image

The EICAR test file was created by the European Institute for Computer Antivirus Research—hence its name—in conjunction with the Computer Antivirus Research Organization. The file is designed to test how well antivirus software responds to a threat without using real malware.

Traditional antivirus software detects viruses and other malware using signature definitions. The EICAR test file is a non-viral string of code that most antivirus software manufacturers include in their products' signature definition files as a falsely verified virus. When your antivirus software encounters the EICAR file, it should treat it exactly as it would a real virus.

The EICAR test file allows users to check whether their antivirus software is running properly. For example, if you try to open an test file while your real-time protection feature is enabled, the antivirus software should generate an alert. 

Creating an EICAR Test File

You can download an EICAR test file, or you can create one using any text editor, such as Notepad or TextEdit. To create an EICAR test file, copy and paste the following line into a blank text editor file:


Save the file as It is now ready for testing. You can compress or archive your new file to test the ability of the antivirus to detect malware in a compressed or archived file. In fact, if your active protection was working properly, the simple act of saving the file should have triggered an alert: "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"

The test file is an executable file that can be read by MS-DOS, OS/2, and 32-bit Windows. It isn't compatible with 64-bit Windows.

Was this page helpful?