Mailscanner is not detecting eicar

Steve Freegard steve.freegard at
Tue Jul 8 18:59:28 IST 2008

Paul Lamb wrote:
> MailScanner version 4.69.9 is not detecting the eicar test "virus".
> (This has not worked previously; I downloaded it a couple of weeks ago 
> but have only just configured it.)
> Eicar is forwarded whether included in the message text
>    mail pal < /etc/mail/EICAR-TEST-FILE
> or as at attachment
>    echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
> I have tested with eicar included in the parameter Non-Forging Viruses 
> and with it not included.
> Please note that MailScanner does detect and quarantine the virus 
> W32/MyDoom-O and Sophos sweep does detect eicar
>    /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
>    [snip]
>    >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
> Any suggestions would be appreciated.

I'm not really sure when you say 'MailScanner' doesn't detect it; 
MailScanner is not a virus scanner itself - it runs external virus 
scanners and reports the results.

The EICAR attachment you created will get detected as text/plain by the 
filetype checks (as it isn't an executable).  If you name it .com/.exe 
etc. then the filename checks will trigger.  MailScanner doesn't 
specifically look for the EICAR sting.

So what you are seeing isn't a problem.

Kind regards,

More information about the MailScanner mailing list