clamav error..

Julian Field MailScanner at ecs.soton.ac.uk
Sun Jan 9 21:53:56 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

In the cleaned message, or in the postmaster notification generated by
MailScanner, does it say that MailScanner detected the virus with ClamAV?
i.e. is the problem "real" or is it just in the logs?

Marcel Blenkers wrote:

>Hi there,
>
>hope everyone slipped through into the new year..
>
>my question..
>
>just tested to send me the eicar-testfile as tar.gz in two different
>files.
>one names *.tar.gz and one *.tgz
>
>all worked fine..but still some error in the logfile, which made me
>think..
>
>here are the errors:
>
>Jan  9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning:
>Starting
>Jan  9 22:10:38 marcel MailScanner[30889]: eicar.com
>Jan  9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput:
>unrecognised line "eicar.com". Please contact the authors!
>Jan  9 22:10:38 marcel MailScanner[30889]:
>/tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature
>FOUND
>Jan  9 22:10:38 marcel MailScanner[30889]:
>/tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND
>Jan  9 22:10:38 marcel MailScanner[30889]: (Real infected archive:
>/var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz)
>
>
>and within the warning all virus-scanners reported eicar..except
>Clamscan..
>
>At Sun Jan  9 22:10:41 2005 the virus scanner said:
>   ClamAV: eigar.tgz contains a virus
>   AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar
>--> eicar.com <<< Contains code of the Eicar-Test-Signature virus
>   F-Prot: eigar.tgz->?->eicar.com  Infection: EICAR_Test_File
>   Bitdefender: Found virus EICAR-Test-File (not a virus) in file
>eigar.tgz
>
>
>i do not use the perl-module for clamscan..but the original programm..
>
>maybe i should switch??
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list