How to create a test alert in ICSP and NNP using Eicar

book

Article ID: 168537

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

You are looking at an article which is applicable to an earlier version of ICSP. The information in this article might be outdated, or invalid. To view the latest information about ICSP, see the ICSP online Help.

 

 

Often it is difficult to create a test alert to determine if your Norman Shark ICSP or NNP devices are functioning properly and are sending out alerts correctly.  This method allows you to transfer a non-malicious file that will still trigger an alerty by the ICSP and NNP devices.

Resolution

1.Preparation

First you need to download the Eicar test file from http://www.eicar.org.  For information about the Eicar Testfile please read the information supplied there. All you need to know is that the Eicar testfile is acually an ASCII file containing just this string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

If you manually copy it to an empty text file and save it as Eicar.com you create your own testfile (useful if you cannot download the file).  It is completely harmless, but every AV solution will create an Alert when finding this file.

2. Testing

NNP: Copy the Eicar test file through the monitored Network connection from one host to another.  Be sure to use a protocol that you are actually scanning.

ICSP: Put the test file on a USB Stick and scan it as usual.



 

Workaround