Back when I was picking up on the requirements of the function I’m testing, one of the things that kinda stood out is the part wherein our program is supposed to handle virus-infected files. My first thought was how exactly would I do that without getting into trouble with the sysads. By the time I started testing, the third-party anti-virus program that we’ll be using hadn’t been finalized yet. My dev provided a temporary function to simulate the detection of an infected file. Though eventually — and inevitably — I will have to try using our program with the selected anti-virus, and I will have to simulate having an infected file. When that time comes, I’ll probably use an EICAR virus.
I first heard about the EICAR virus when I asked my dev if he knew a safe way of simulating the said case. I also heard one other teammate already had a pseudo-infected file, but he said he had lost it when his PC’s anti-virus zapped it out of existence. I’d nearly forgotten about it until I came across a blog feed on testing virus recognition.
To get a pseudo-infected file, either:
(a) Download it from http://www.eicar.org/anti_virus_test_file.htm, or
(b) Make one yourself by saving this 68-character string into a text file: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
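For option (b), text editors often append a newline or prepend a byte-order mark, which can stop a scanner from recognising the file. The sketch below is an added example, not code from the original post: it writes the string as exactly 68 bytes and checks a candidate file against EICAR's published rule (the 68 characters first, then only whitespace, at most 128 bytes in total). The function names `is_valid_eicar`, `write_eicar` and `probe` and the file name `eicar_test.com` are hypothetical.

```python
import os
import tempfile

# Built from two pieces so this source file does not itself contain the
# contiguous test string and get quarantined before it can run.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

# EICAR's definition: the 68 characters may be followed only by these
# whitespace bytes, and the whole file may not exceed 128 bytes.
ALLOWED_PADDING = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128


def is_valid_eicar(data: bytes) -> bool:
    """True if data would count as the standard test file."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_PADDING for b in data[len(EICAR):])


def write_eicar(path: str) -> None:
    """Write exactly the 68 bytes: binary mode, no BOM, no newline."""
    with open(path, "wb") as fh:
        fh.write(EICAR)


def probe(path: str) -> str:
    """Write the file and read it back (hypothetical test helper).

    'blocked' means the write or read was denied or the file vanished,
    which is what an on-access scanner is expected to cause. Scanners
    that quarantine asynchronously may need a delay before the read.
    """
    try:
        write_eicar(path)
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "blocked"
    return "intact" if is_valid_eicar(data) else "altered"


if __name__ == "__main__":
    target = os.path.join(tempfile.mkdtemp(), "eicar_test.com")
    print(target, "->", probe(target))
```

On a machine with no scanner running, `probe` reports `intact`, which makes it a quick check that the anti-virus under test is actually active before the real test run.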