Verifying the proper operation of your anti-virus program

When the installation and setup of Kaspersky Anti-Virus are complete we recommend that you verify the settings and proper operation of the program using a test "virus" and its modifications.
This test "virus" has been developed by (The European Institute for Computer Anti-Virus Research) specifically for the purpose of verification of the anti-virus software operation.
The test "virus" IS NOT A VIRUS and contains no code that will harm your computer. Nevertheless, most anti-virus products identify it as a virus.

Never use real viruses to test the operation of your anti-virus program!
The test "virus" can be downloaded from the official site of EICAR at: http://www.eicar.org/anti_virus_test_file.htm. If you have no Internet access, you can create a test "virus" manually. To do so enter the line below in any text editor and save the file as eicar.com:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
The file that you download from the EICAR site or create in a text editor as described above contains the body of a standard test "virus". The anti-virus program detects it, assigns the Infected status to it and performs the action that you specified to be performed on objects with this status.
In order to test the program's response to the detection of objects of other types, you should modify the content of the standard test "virus" by adding one of the prefixes below (see table below).

You can verify the proper operation of Kaspersky Anti-Virus using modifications of the EICAR "virus" only if your anti-virus databases are dated October 24, 2003 or later (cumulative update - October 2003).

 Test "virus" modifications

Prefix
Object status
No prefix, standard test "virus"
Infected. The disinfection attempt will result in an error. The object will then be deleted.
CORR-
Corrupted.
SUSP-
Possibly infected (unknown virus code).
WARN-
Infected with a virus (modified code of a known virus).
ERRO-
Could not be scanned due to a failure.
CURE-
Infected. The object will be disinfected and the text in the infected file will be changed to CURED.
DELE-
Infected. The object will be deleted automatically.
The first column of the table contains the prefixes that should be added to the beginning of the line in the standard test "virus" file (e.g. DELE-X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*).
After you add the prefix to the test "virus", save it as eicar_dele.com (or other filename depending on the prefix you use).
The second column contains the types of object identified by the anti-virus program depending on the prefix you added. Actions performed on each object are defined by the program's settings.
In order to verify the response of your copy of Kaspersky Anti-Virus,
  1. Create a folder on your hard drive and move the test "virus" files that you created to this new folder.
  2. Select the Prompt user for action option for the action to be performed by the program when an infected object is found (see section Scan settings to be used).
  3. Check the Log all messages box in the Additional settings window to log to a report file data about possibly infected objects or objects that have not been checked due to an error.
  4. Start a scan of your entire computer or of the folder where you moved all "viruses" that you created.
As the program detects an infected object, it will display dialog boxes with information about the detected object and a prompt for an action to be performed on the object.
Thus, by selecting actions in the dialog boxes that will pop up during the scan, you will be able to verify your program's response to the detection of various types of infected object.
Detailed results of the scan will be documented in the report.
Kaspersky Lab
WWW: http://www.kaspersky.com

E-mail: support@kaspersky.com