Not detecting eicar in zipped form
Barry Andersson
barry at COATINGS.NET.AU
Sun Dec 29 21:05:53 GMT 2002
Hi,
> >I sent a eicar test virus and it detected and removed it. However when I
> >sent the same test virus in zip format it was not detected. Unzip is
> >definitely installed on the RaQ.
> >
> >I'm using McAfee Uvscan as the virus scanner.
> >
> >Any suggestions?
>
> Did the mail logs show anything interesting?
The Sendmail log shows the following:
Dec 30 07:50:28 www MailScanner[612]: New batch: Scanning 1 messages, 1345
bytes
Dec 30 07:50:28 www MailScanner[612]:Virus and Content Scanning: Starting
Dec 30 07:50:28 www MailScanner[612]:gBTKo0t03522: to=<admin at mydomain>,
ctladdr=<admin at mydomain> (110/27), delay=00:00:04, mailer=local, pri=120926,
dsn=2.0.0, stat=Sent
Dec 30 07:50:28 www MailScanner[612]:MailScanner
Dec 30 07:50:28 www MailScanner[612]:MailScanner E-Mail Virus Scanner
version 4.10-1 starting...
Dec 30 07:50:28 www MailScanner[612]:Using locktype = flock
It appears to detect eicar.com via filename checks rather than McAfee so I'm
wondering if McAfee is even being called at all.
Cheers
Barry
More information about the MailScanner
mailing list