Header Image What Is The Eicar File

What is the EICAR File?

A lot of our customers come to us because they've had a pen-test and one of the checks was "Test Upload of Malicious Files".

During the pen-test, a security tester has attempted to upload a 'malicious' file to their servers and they failed to detect the file as a virus or malware. Making a check like this is listed in the OWASP security testing guide however many people fail the check.

Also, in our early days, a number of our customers asked how they could test that they'd correctly integrated AttachmentScanner into their Website or API. How did they know that their integration was working without actually having to upload a virus? That's exactly what the Eicar file was designed for.

The File Contents

The Eicar file itself is a real and valid executable, called a COM file (hence you may see it as eicar.com). When executed in Windows the file will simply print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and close.

The content of the file is straight forward and uses a standard ASCII that anyone could type themselves if needed:

Eicar File Content

Although several security professionals feel this file isn't useful (as it's not a real piece of malware) we use the file in a number of our examples and it's hosted as an example of testing at https://www.attachmentscanner.com/eicar.com.

The string should also be detected within compressed or archived files, or even embedded in other content that our antivirus/malware scanning engines can read.

If you make a scan to our server with this URL you'll see that a match is found and you can rest assured that your integration is working correctly without having to upload a piece of real malware to your site and run the risk that may entail.

curl -i -H "Authorization: Bearer API_TOKEN" -d "url=https://www.attachmentscanner.com/eicar.com" -XPOST http://API_URL/v0.1/scans

Give it a try now and you'll be passing that security test in no-time! (Remember to set your API_TOKEN and API_URL)

AttachmentScanner Team