Software testing is always challenging, and no matter how hard you try, you can never be sure that your program is safe and bug-free. Even if you can prove your algorithms are perfect, the real world will quickly verify your beliefs. Bugs in compilers, operating systems, or third-party libraries are not uncommon and introduce additional layers of complexity. In order to make your testing procedures effective, you have to be flexible, think widely, and use proper tools for proper things.

Anti-virus scanners are really strong opponents when it comes to testing. Everyone expects them to be very stable, reliable, accurate, fast, etc. The developers need to perform dozens of tests to ensure that both software and signature databases meet the desired quality requirements. Everything needs to be tested and tuned up very carefully, to avoid unexpected surprises when the software reaches the end users.

During the last few years, the Clam Anti-Virus project has deployed a wide variety of testing techniques to keep the product ready for mission-critical applications. I’ll try to explore these solutions as well as some common difficulties the developers still need to deal with. Testing methods may vary between different platforms, and this case study focuses on Unix, whose most famous design principle is KISS: Keep it Simple, Stupid! This harsh but very accurate rule also perfectly applies to testing. Simplicity is ...