Testing that virus detection works

  • Article ID: 10027
  • Rating:
  • 10 customers rated this article 4.5 out of 6
  • Updated: 27 Jan 2015

SAVTEST.EXE and SAVTST32.EXE are utilities designed to test the operation of Sophos Anti-Virus by using the EICAR test string which Sophos Anti-Virus recognizes as a virus.

The EICAR test string is not a virus; it is a completely harmless short program designed to trigger the anti-virus software into recognizing it as a virus. Sophos Anti-Virus will report its presence as the 'EICAR-AV-Test' virus.

Applies to the following Sophos product(s) and version(s)

Sophos Endpoint Security and Control

What To Do

  • SAVTEST.EXE runs under Windows 95/98/Me, Windows NT/2000/XP/2003, DOS/Windows 3.1x, NetWare and OS/2.
  • SAVTST32.EXE is a Windows version of this program which runs under Windows 95/98/Me and Windows NT/2000/XP/2003 only.

The EICAR test string is also detected by default by Sophos Anti-Virus for UNIX and OpenVMS, and can be detected by Sophos Anti-Virus for Macintosh when the 'Include non-Macintosh virus detection' option is selected.

Under OpenVMS, a detectable EICAR.COM cannot be created using a VMS text editor (VMS has its own format for text files). It must be copied in binary mode from a non-VMS system.

For more information, see the SAVTEST and SAVTST32 release notes.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent