ClamAv Logging Virus Name

[Antony Stone]

On Thursday 21 August 2003 2:16 pm, Stephe Campbell wrote:

> Maybe I was too hasty in my reply. My scenario matches Mr. O'brien's. After
> scanning my logs, I didn't have one Sobig virus caught. Maybe I should be
> greatful, but still.
>
> My setup is RH 7.3 with sendmail. I have clamav 0.60 install. My
> viruses.db2 file is 4732 bytes with an update time of Aug 20, 20:02. Maybe
> I better look at the update script output?

Well, it looks like your ClamAV is up to date (don't bother about the
difference in time from my files - that just indicates you got your update
before I did, but we both have the same file size).

I suggest you send yourself an Eicar virus and watch the mail server logs as
it goes through - look for a line ending with FOUND.

To send yourself the Eicar test virus, either download it from
http://www.eicar.org/anti_virus_test_file.htm or else just join the following
three lines together with no spaces and send the resultant string to yourself
in an email.   ClamAV should pick it up.

X5O!P%@AP[4\PZX54(P^)7CC)
7}$EICAR-STANDARD-ANTI
VIRUS-TEST-FILE!$H+H*

(I've split the line so that it doesn't get blocked by my server on the way
out, or your server on the way in, which would mean you would never see this
message, as well as probably annoying a few people on this mailing list...)

Antony.

--

What is this talk of software 'release' ?
Our software evolves and matures until it becomes capable of escape,
leaving a bloody trail of designers and quality assurance people in its wake.