Verifying your deployment by using the EICAR antivirus test file
Applies to: Forefront Protection for Exchange
The procedure below provides instructions on testing your FPE deployment by using the EICAR antivirus test file.
To test your deployment
Copy the following line into its own text file, and then name it EICAR.TXT:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When done, you will have a 69-byte or 70-byte file.
Attach this file to an Exchange message. Forefront Protection 2010 for Exchange Server (FPE) reports finding the EICAR-STANDARD-AV-TEST-FILE virus. If you have chosen either the Clean (the default) or Delete action, FPE also reports the attachment as being deleted. The infected attachment is removed from the test message or post, and it is replaced with a text file that contains something similar to the following string: "Microsoft Forefront Protection 2010 for Exchange Server found a virus and deleted this file."
Important
This is not a virus. However, because users often have the need to test that installations function correctly, the antivirus industry, through the European Institute for Computer Antivirus Research, has adopted the EICAR standard in order to facilitate this need.
It is recommended that you delete the EICAR file after installation testing is completed so that other users are not unnecessarily alarmed.