Eicar.zip not detected + performance stats

Peter Bonivart peter at UCGBOOK.COM
Tue May 27 19:28:08 IST 2003 

I just tested:

# clamscan
/root/mail/MailScanner-4.21-6.tar.gz: OK
/root/mail/clamav-20030403.tar.gz: ClamAV-Test-Signature FOUND
/root/mail/eicarcom2.zip: Eicar-Test-Signature FOUND
/root/mail/eicar_com.zip: Eicar-Test-Signature FOUND
/root/mail/eicar.com: Eicar-Test-Signature FOUND
/root/mail/dcc-dccproc.tar.Z: OK
/root/mail/eicar.zip: Eicar-Test-Signature FOUND

# /opt/MailScanner/lib/clamav-wrapper
/root/mail/MailScanner-4.21-6.tar.gz: OK
/root/mail/clamav-20030403.tar.gz: ClamAV-Test-Signature FOUND
/root/mail/eicarcom2.zip: Eicar-Test-Signature FOUND
/root/mail/eicar_com.zip: Eicar-Test-Signature FOUND
/root/mail/eicar.com: Eicar-Test-Signature FOUND
/root/mail/dcc-dccproc.tar.Z: OK
/root/mail/eicar.zip: Eicar-Test-Signature FOUND

Looks OK to me. I think I used default on both MailScanner and ClamAV.

# which clamscan
/usr/local/bin/clamscan
# ls -l /opt/
lrwxrwxrwx   1 root     other         18 May 19 11:42 MailScanner ->
MailScanner-4.21-6
drwxr-xr-x   7 root     root         512 May 19 16:52 MailScanner-4.21-6

/Peter Bonivart

--Unix lovers do it in the Sun

On Tue, 2003-05-27 at 20:08, Julian Field wrote:
> At 18:57 27/05/2003, you wrote:
> >I tested a complete setup today and had problems with viruses. I caught
> >two real viruses and detected the eicar.com file even though I don't
> >really know if it was caught by the filtering of com-files or as a an
> >actual virus. When I tested with eicar.com in a zip-file it just slipped
> >through undetected. Zip's are allowed but shouldn't it have been scanned
> >and detected as the Eicar file? Should I be worried? I use an up to date
> >ClamAV. It detects the "virus" if I scan the eicar.zip manually.
>
> It certainly should pick this up. Try running the clamav-wrapper script on
> a directory containing eicar.zip. Did you install it in the default
> location? If not, you will have to update the paths in clamav-wrapper and
> clamav-autoupdate.
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list