Missed virus?

Kevin Spicer kevins at BMRB.CO.UK
Fri Sep 5 20:16:40 IST 2003


On Fri, 2003-09-05 at 19:27, Antony Stone wrote:

> I just tested this by taking eicar.com, tar-gzipping it, then
winzipping
> the tgz file, then bzip2-ing the winzip file, and emailing myself the
.bz2
> file.
>
> Eicar got found by ClamAV, AntiVir and McAfee (which, with the AV
engines I
> run on this mail server, means it got missed by BitDefender, F-Prot,
> Inoculan, Kaspersky and NOD32).

And of course MailScanner didn't pick up the .com file & block it.

I performed a test myself, which I hoped would imitate the message which
the original post was about.  I created an email with email.com and
eicar.zip attached, then forwarded the email as an attachment to
myself.  Both Sophos(savi) and Clam picked up both copies of eicar,
whats more MailScanner also blocked the com file.

This suggests that although the original post's problem message (I
guess) had the original email attached ther was something irregular
about its formatting which prevented MailScanner and Clam from
recognising it as an attached message and treat it as such.

It would be most interesting to see the source of the original message
(if you still have it Gerry).




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.



More information about the MailScanner mailing list