Well, maybe, but it’s still wise to test your defences occasionally, and security researcher Didier Stevens has crafted a special file to help you do just that.
Just as with real malware, there are plenty of layers: a ZIP, which decompresses to a PDF, that creates a DOC file, which uses a macro to drop the EICAR test file.
But this is actually a good thing, because it tests your PDF reader’s settings, and Word configuration, and antivirus tool, all in just a few seconds. And without any risk to you, because although EICAR should raise an antivirus alert, it’s just a test file, a string of characters, which can’t harm your system in any way.
To get started, download the test file from this link. It arrives as a password-protected ZIP, so that your antivirus can’t see its contents. To extract them, use eircardropper as the password, with the eicar part in capitals: EICAR .
If you see the prompt and want to carry on with the test, click “Open this file” (don’t worry, it’s safe). The document will open in your default DOC viewer, try to launch a macro which writes the EICAR test file to a temporary folder, and then display a message telling you where this is.
If you see that “EICAR test file written…” message then macros are enabled in your DOC viewer. Again, great if you know that and need them, but if it’s news to you then you’ll probably want to tweak your settings to disable them (Options > Trust Center > Trust Center Settings > Macro Settings in Word 2013).
Finally, if you do get to the “EICAR test file written…” message (or you just let the test proceed), your antivirus engine should pop up an alert within a few seconds. If nothing happens, but the package warns you when you scan the test file individually, then maybe there’s an issue with your real-time protection. That’s a serious issue, and needs investigating right now.
We found the file useful, but if you don’t need all the ZIP, PDF and DOC layers, check out Stevens’ EICARgen instead. It’s a tiny EXE which creates the EICAR file on launch, testing your realtime antivirus protection, but without any of the scripting or macro complications.