Not detecting eicar in zipped form

Barry Andersson barry at COATINGS.NET.AU
Sun Dec 29 21:05:53 GMT 2002


> >I sent a eicar test virus and it detected and removed it. However when I
> >sent the same test virus in zip format it was not detected. Unzip is
> >definitely installed on the RaQ.
> >
> >I'm using McAfee Uvscan as the virus scanner.
> >
> >Any suggestions?
> Did the mail logs show anything interesting?

The Sendmail log shows the following:

Dec 30 07:50:28 www MailScanner[612]: New batch: Scanning 1 messages, 1345
Dec 30 07:50:28 www MailScanner[612]:Virus and Content Scanning: Starting
Dec 30 07:50:28 www MailScanner[612]:gBTKo0t03522: to=<admin at mydomain>,
ctladdr=<admin at mydomain> (110/27), delay=00:00:04, mailer=local, pri=120926,
dsn=2.0.0, stat=Sent
Dec 30 07:50:28 www MailScanner[612]:MailScanner
Dec 30 07:50:28 www MailScanner[612]:MailScanner E-Mail Virus Scanner
version 4.10-1 starting...
Dec 30 07:50:28 www MailScanner[612]:Using locktype = flock

It appears to detect via filename checks rather than McAfee so I'm
wondering if McAfee is even being called at all.



More information about the MailScanner mailing list