28 total posts
Test anti virus program
How To Test Your Antivirus Program
First and foremost, make sure that your onboard antivirus program has the most current virus definitions available. New viruses happen daily and old definitions will NOT protect your machine. In addition, the EICAR test file method below is a very rudimentary method of testing, but it's a good procedure to know. (The EICAR test file is NOT a virus. It is only a test file designed to be detected by most current antivirus programs.) There are a number of different methods to make sure that the antivirus program on your computer is working but this one should help you get a basic understanding for the process.
Two important virus "inroads" to your computer are through e-mail messages and downloadable files. Check to make sure that your background scanner is working by clicking on the link below, then click on the downloadable EICAR test virus links at the very bottom of the page. Your antivirus should warn you of an attempt to download an infected file. If the .zip files aren't detected, then you may need to change the background scanner settings to allow for compressed file scanning.
Next, try sending yourself an EICAR test file as an attachment in your e-mail. In order to do so, you'll need to temporarily disable the antivirus. After doing so, you can create an EICAR test file using the instructions below, or simply use the website above to download one of the EICAR test files to your desktop. AFter doing so, send yourself an e-mail message with the EICAR test file as an attachment. AFter doing so, close your e-mail program...re-enable your antivirus program, then open your e-mail program again in a few minutes and download the message. Depending on your e-mail client, and your antivirus program, the EICAR test file should be detected during the download or when prescanning the file in a separate folder. (If it is not, please see the instructions at THIS LINK)Delete the file and message when found.
How To Create An EICAR Test File
Temporarily disable your computer's antivirus program. Then, RIGHT click on a blank area of your computer desktop, choose "New" from the menu, select "Text Document". Now double click on the new text document to open it. Highlight and copy the entire line of text below, then RIGHT click in the blank area of the new text document, choose "paste" from the menu to paste the line in the document.
After the line of text above is copied into the new text document, click on "File" in the upper left corner of the file, choose "Save", then click on the X in the upper right corner to close the document. Now rename the "New Text Document" to "EICAR.COM" by RIGHT clicking on the file, choose "Rename", then type "EICAR.COM" into the file name area. Click once on the desktop to save the name, and choose "yes" when it asks: "Are you sure you want to do this?"
You now have an EICAR test file that can be used for testing your antivirus program. Be sure to re-enable your antivirus program after temporarily shutting it down. Try sending yourself the test file, or try testing your RIGHT click scanner by right clicking on the file, choose "Scan for Viruses".
PLEASE BE AWARE...THE EICAR test file is NOT a guarantee that you're computer won't get infected. It's just one of a number of tools.
Hope this helps.
Posted by: Grif Thomas Moderator (see profile) - 05/26/2004 10:40 AM
In reply to: A Few 'Tips' For Computer Newbies by Grif Thomas Moderator
send a blank message to firstname.lastname@example.org
You'll need to include marchalsoftware.com in your spam filters white list if you are using one.
You'll get a reply with links that will allow you to test how well your antivirus software as well as your email client.
Not a Very Good Idea
I read the text at EICAR site and, personally, I think that unless you have a degree in Computer Science, you'd have to be an idiot to perform that test. It is far better advice to buy any respected AV program and religiously keep the definitions up-to-date. That's easy enough to do without taking the chances involved in that test, especially given that EICAR claims no responsiblity for problems caused by the test and apparently, there can be many.
Grady, EICAR is Safe...No Degree Required..
The EICAR test file is exactly that..It's a universal test file which will not hurt your computer..It IS NOT A VIRUS. It's basically a test file which contains the text written below:
If you copy the above text to a new text file, then name it "EICAR.com"...your antivirus should detect it AS you try to "save" or "rename" it. Likewise there are a number of EICAR test sites where you can run a test by clicking on download links at the site. It is a very basic "test" for antivirus programs and should cause no problems.
I've used it literally hundreds of times and never had a problem..The only problem I've ever seen occur is an inability to delete the file..It only happens rarely and occurs because of a glitch in the system of that particular computer..Eventually the file can be removed by going to safe mode.
Hope this helps.
Totally agree Grif..
Have used EICAR test many times, and it will show if your AV program is working, at least on a basic level.
But since a good AV program won't let you fool with it, then you will have to probably shut down your AV to even delete it. Or as you said, maybe go to Safe Mode.
A very safe test, as no "real" virus is present.
Have you ever read what the agreement thing on every program you can buy at the store say? They also say they that their are not responsible for problems caused by running or loading these programs, and these are programs that just about everyone has on there computers. If you do not believe me, load a program and when it come to the part that almost everyone just clicks yes and does not even read, when it say do you "agree" or "disagree". That is what this part of almost all programs say. Some might add that they may pay up to a curtain amount. But I have seen that say they will not over anything that happens. Just know what you are putting on your computer and why you need it. If this is a legit test, and people want to test there system so be it. Me, I do it the foolish way, if I get an email that I think may be a virus, or that I know is a virus. So far, (knock on wood) every time my Antivirus program as caught it. But this can be, as I said a foolish why of testing, especially if the virus is newer than the definitions. So is not advised for anyone to do.
I tried all of the EICAR Tests with Kasperskey 5.0 Personal and I was able to test and delete the files with no problem.
A bad idea indeed...
I though there are many here that say the contrary, I would have to agree with Grady - I had to download the EICAR test string from my university's server in order to gain internet access in my residence, and since then, my Norton AV started essentially spamming me with virus alerts with different .com object names, incessently. Then, after getting rid of NAV and getting ZoneAlarm Security Suite, the anti-virus scanner won't run properly, because it stalls (stalled) from 13,699 (I kid you not - the scan has been running for 24 hours, and continues as I type to try and scan) "Infections Found." Grif, you said that I could delete the file in safe mode if I had to, but the thing is, there isn't just one file anymore, and even if there was, I wouldn't know what the name of it was, because I downloaded the test so many months ago.
I would love to say that using EICAR is good advice from you Grif, but I also would like to get my computer and AV software working correctly again, and to get the haunts of EICAR off my PC. Please - I implore you to prove me wrong and offer my computer a solution to this problem. Thanks, if you (or ANYONE) can help or point me in the right direction.
I Can Only Say...
I've used the EICAR test file on a few hundred computers and I've never had a problem..
Would you please explain some of your statements..
1. "I had to download the EICAR test string from my university's server in order to gain internet access in my residence". First, there's no reason to "download" anything. I'm not sure why a university server would do what you suggest. You can create a test file of your own by using a text file and copying the EICAR text, then rename it...(your operational antivirus should immediately notify and delete the test file) or... you can click on the test links at various EICAR test sites and your antivirus will alert you upon attempting the download..
2. Because of your statement: "after getting rid of NAV and getting ZoneAlarm Security Suite, the anti-virus scanner won't run properly, because it stalls", it appears like you've had THREE different antivirus programs on the computer at the same time? You got rid of NAV, then you got rid or ZA Security Suite, and yet you still had another antivirus scanner to use? Having more than one antivirus program on your computer can easily cause such issues.. Basically, the resident AVP's conflict over what to do in order to delete the problem file..
In the meantime, please click on either or both of the links below and run the free ONLINE scans they provide.. Since it's possible that you may have other malware on the machine, the online scans are a great "second opinion" when your onboard scanners aren't functioning correctly. (Personally, I prefer Housecall but either one should work.):
Housecall Online Scanner
Panda Online Scanner[/
Hope this helps.
"I am not really a newbie to computers but fell like one"
I was very sick for a few years and a lot as changes sense my old computer. I have a new hp computer and have been told that my computer is working fine, but on my old computer when the virus scanner was working at the bottom of the page at the right. it would say protection mode on and when it was not working would say it was off. now at the bottom if all pages it says protection mode off. Iyogi tech support witch is suppose to help with Microsoft trouble all hard ware trouble and software problems. say that it does not have any thing to do with the AVG virus scanner have. they say it has to do with windows vista. they say if that was turn on that it could cause all kinds of trouble so in there words it is best this protection mode to stay off. i use my virus scanner daily and it always says so many warning but says no virus found. i read some of the email above and when i am off line will read the rest of it. but there our a lot of words and letter that i don't under stand. it is still hard for me to do tech work on my computer. alot has to do with not be able to concentrate for long periods of time. i always have health issue but doing computer help me to be more active. i try to come on some at least once in the morning or once a day. thanks for listing and well try to concentrate if i get any reply to make sure if i need to do any to the computer that i learn and do it the right way. thanks sham1313
Griff provided one method and...
here is another.
Go to these links and have the emails sent to you. See how many get blocked (all are not viral so pick and choose which you want sent to you).
Now DISABLE your AV program and have the same emails sent. You should receive all. Copy the attachemnts to another location on your drive.
Now enable the AV and do a system scan--it should find them.
NONE of the messages contain a real virus or threat, they just check to see if your AV "spots" the signature. SOME of them may be zipped and may not be spotted immediately by your AV. If not it should spot them when you try to unzip them or it should spot them when you try to run them.
Non IE-OE mail client
All of the GFI test indicate Outlook as the mail client
Will they also work on Mozilla Thunderbird.
A non Microsoft client...
will still receive all the emails from the GFI link but you could also simply select only the ones that do not specify OE or Outlook. (actually only 6 of the 17 indicate OE or Outlook)
For instance the CLSID, double file extension, Popup object, Long Filename, Iframe remote vulnerability test, and many others may show vulnerabilities you are exposed to regardless of your email client or default browser. IF you are using Windows you are using an integrated system.
In short, YES you can make use of them regardless of what at first glance they seem to be oriented toward checking.
Another way to test it is to
get a free on-line scan (I use housecall) from any of the following sites.....since some viruses actually can disable your installed av program, it can't disable the live on-line scan.
Make sure that you don't have viruses or spyware resident on the machine. Please click on any of the free online virus scanners at the links below:
You can get an online scan for viruses, trojans and variants at any of the following....however, all except one runs with an Active X control and will only work with Internet Explorer. The Trend scan link also includes a link for a Java version that can be run by other browsers such as Firefox.
I would say if you dont get any viruses your antvirus program is working
Only the pros need that...
I haven't to date ever seen or heard a test pgm. for any AV pgm.. There *maybe* something out there but for the typical user, it would be in practical terms, unwanted results. No telling what could happen plus it could get ugly fast.
In my experience the best test, is real life usage. Visit websites that in all likleyhood will try what they may to get something on you or are the vehicle for malware. You goto the "dark side" of the web :(. However, doesn't expect any one AV pgm. to be enough, I've found repeated instances where some malware gets through, but the effect is lessen or dampen abit but never-the-less a PITA for a time. Remember. all AV pgms. can protect against *known* attacks and possible known weakness, so always update the OS, the AV itself and use multiple scanners whether you use or online provided. Plus turn-OFF Active-X and Java process but allow the browser to ask for use and/or know where you're going, thus "trust the website" sort of thing.
good luck -----Willy
Do NOT Follow that Recommendation
I strongly disagree with Willy's post and urge you to NOT visit the "dark side of the web" or try to get any malware installed on your machine just to see if your AV program is working. That's like shooting yourself to see if the gun is working.
The earlier recommendations for non-virus testing of your AV program are correct and will let you know if your AV program is working without exposing you to the actual chance of an infection.
If you keep the AV definition files up to date, keep the scanning programs for email, etc. active, and regularly scan your computer (weekly has always worked for me), you'll have a good line of defense in place. Additionally, if you can passoword-protect your AV program, I would recommend doing that. Some virus programs can disable AV programs, but usually not if the AV program is password protected.
The real world
You can test all you want, but the real world is the "final test". One reason any fake or trial test can work is that the "known signature" is simply known. In no way is that a real test other than to say, its works for that, gee wasn't it suppose to. The real world provides what is "unknown" but many fall even in the simplest protection phase, they're too trusting. Yes, there can be hardship but at least go into it with some protection and forethough and try to be ready. One reason, I say only the pros should worry about such things and then pass on the info as updates and possible removal tools.
How can I test if my a/v is working ?
The best way without a doubt is to go to www.symantec.com and run their 'security scan'. If your pc is vunerable this scan will tell you what the issues are. Dont forget that a firewall is an essential part of your pc security too if you want a free firewall I suggest that you check out www.zonelabs.com. You can download their personal firewall for free. Peter (UK)
(NT) ...the same way you test the airbags on your car...
AVG working too well.
I also am using the Free AVG av program. I do like that it does an update as soon as I turn the computer on. (I presume that Norton antivirus and Microsoft AntiSpyWare is also active, but not 'boasting' about it).
My problem with AVG is that is has stopped letting me retrieve my e-mail (Mozilla Thunderbird) nor does Thunderbird tell me I have new mail (I do get a few daily via subscriptions). AVG puts up a banner "AVG e-mail scanner / AutoPOP3: connecting to mail.flintrockstables.com" (the .com was different yesterday). Since this is a FREE program there does not seem to be any tech support available. I have been getting my e-mail through my DSL ISP (using Mozilla Foxfire). I do not think it is related, but this started after I was off line for about 12 days for vacation and had about 45 messages in queue. Any suggestions on how to let AVG let me to retrieve my e-mails via my e-mail account.
DC, You Have Norton AND AVG Running?
If that is the case, then I suggest you uninstall one or the other. Conflicts, especially with Norton Antivirus can easily cause the issue you are seeing..Norton's installation instructions request that ALL other antivirus programs be removed before installation of NAV.
Hope this helps.
(NT) 2 AV programs okay?
I've read that if you run more than one AV program, one compromises the other. Is this like oil and water??(I use McAfee with updates automatic. Comes w/MSN Plus browser).
McAfee Instructions Say...
...to uninstall all other antivirus programs before installing McAfee Virus Scan..In fact, the recent versions of McAfee won't install correctly if another version is running on the machine.
That said, some users successfully have two different antivirus programs installed at the same time, BUT it's best if they aren't ''running'' at the same time. One version is better left for use as a stand-alone scanner. If they're both running, then yes, there are normally problems with conflicts..
My recommendation is to install a single, effective ''on board'' antivirus program and occasionally use the various ONLINE scanners as a ''second opinion''. Here are just a few of the excellent, FREE, online scanners:
Symantec Online Virus Scanner
Housecall Online Scanner
Panda Online Scanner
McAfee Online Scanner
Hope this helps.
AVG doesn't like Thunderbird
I knew you weren't supposed to have 2 AV programs running at the same time so I disabled the norton AV scanner when I installed PCcillin. Norton had let in a disabling worm that took over my modem & wanted $$$ to help me get rid of it. Trendmicro phone support sent me a cleaner by email that I ran in safe mode that eliminated it, & I wasn't even a customer at the time!!! I did purchase their suite right after, and have had no problems since.
I saw good reviews of AVG here & decided to try it. I thought I'd try it at first with both it & PCcillin running at the same time. I had AVG running with PCcillin with no problems for weeks. The AVG scanner would pop up immediately upon querying the hosts, whereas TrendMicro wouldn't scan until the emails were actually being logged. It seemed they were staying out of each others way.
Then a 2weeks or so?? ago Thunderbird wouldn't access either of my email accounts, similiar to what DCLord posted. I should add that this happened immediately after a VERY long update that morning, possibly that was the new version being downloaded. I don't have much patience with being delayed so after some reflection of the possible causes I decided that the AVG scanner was blocking the mail. (Their bubble popped up TM's didn't). Since they don't have the ability to disable their email scanner I uninstalled the program, which fixed the problem.
Curiously I got an email the next day from email@example.com, which I thought was an AVG spam filter, saying they had added gigabyte.com.tw to their whitelist. I never configured spam filters so it was an unusual email. My delayed email from gigabyte arrived right after it. I was starting to think that a conflict with the gigabyte email caused the problem till I saw DCLord had the same problem with Thunderbird & AVG. I'm now tending to believe it's a tbird AVG conflict.
I liked the idea of having 2 scanners. I checked the email test center E. O'Daniel provided:
and sent all 26 email tests to me. TM blocked 18, quarantined 1, but allowed 7, which got me worried. TM updates once a day or more. I'm thinking of trying Avast with TMicro. I'm probably worried about nothing, but I'm wondering if anyone else is using 2 scanners at the same time, or had problems with Tbird & AVG.
(NT) not my experience
I've been using AVG and Thunderbird with no problem for several months.