The EICAR test file is defined as a file that contains only the following string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*.
There are, of course, many ways to identify files that match this criterion. The scan function's content parameter contains the entire content of the artifact in question; this is what you're matching against.
The following are 2 examples of how you can write your scan() function to detect EICAR. Update the code in your __init__.py file with the changes from one of these examples.
The first way is the simplest design and is used in eicar.py:
Implementing scan logic directly in the Scanner class is difficult to manage and scale. Instead, you’ll likely want your Microengine class to call out to an external binary or service that holds the actual scan logic.
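The content match described above, as an added example that is not PolySwarm's eicar.py: it shows why a substring test over-matches against the "contains only" definition. It goes beyond the page by also accepting the trailing whitespace that the EICAR specification permits (total length up to 128 bytes); `is_eicar` and `scan_content` are hypothetical names, and the sample inputs are constructed.

```python
# Added example: stand-alone EICAR matcher (hypothetical helper names).
# The 68-byte test string quoted above, without the sentence's closing period.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Assumption taken from the EICAR specification, not from this page:
# the string may be followed by space, tab, LF, CR or Ctrl-Z, and the
# whole file must not exceed 128 bytes.
ALLOWED_TRAILER = b" \t\n\r\x1a"
MAX_LEN = 128


def is_eicar(content: bytes, strict: bool = False) -> bool:
    """Return True if content is the EICAR test file.

    strict=True applies the page's definition literally (only the string).
    strict=False also accepts the permitted trailing whitespace.
    """
    if not content.startswith(EICAR):
        return False
    trailer = content[len(EICAR):]
    if strict:
        return trailer == b""
    return len(content) <= MAX_LEN and all(b in ALLOWED_TRAILER for b in trailer)


def naive_match(content: bytes) -> bool:
    """Substring test: flags any artifact that merely quotes the string."""
    return EICAR in content


def scan_content(content: bytes) -> tuple:
    """Hypothetical stand-in for scan(): returns (bit, verdict)."""
    return (True, is_eicar(content))


# Constructed sample artifacts.
SAMPLES = {
    "exact": EICAR,
    "crlf": EICAR + b"\r\n",
    "padded_too_long": EICAR + b" " * 70,           # 138 bytes > 128
    "quoted_in_text": b"The test string is " + EICAR,
    "prefix_plus_data": EICAR + b"extra payload",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} naive={naive_match(data)!s:5} eicar={is_eicar(data)}")
```
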