Mailscanner is not detecting eicar
Steve Freegard
steve.freegard at fsl.com
Tue Jul 8 18:59:28 IST 2008
Paul Lamb wrote:
> MailScanner version 4.69.9 is not detecting the eicar test "virus".
>
> (This has not worked previously; I downloaded it a couple of weeks ago
> but have only just configured it.)
>
> Eicar is forwarded whether included in the message text
>
> mail pal < /etc/mail/EICAR-TEST-FILE
>
> or as at attachment
>
> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
>
> I have tested with eicar included in the parameter Non-Forging Viruses
> and with it not included.
>
> Please note that MailScanner does detect and quarantine the virus
> W32/MyDoom-O and Sophos sweep does detect eicar
>
> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE
> [snip]
> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>
> Any suggestions would be appreciated.
I'm not really sure when you say 'MailScanner' doesn't detect it;
MailScanner is not a virus scanner itself - it runs external virus
scanners and reports the results.
The EICAR attachment you created will get detected as text/plain by the
filetype checks (as it isn't an executable). If you name it .com/.exe
etc. then the filename checks will trigger. MailScanner doesn't
specifically look for the EICAR sting.
So what you are seeing isn't a problem.
Kind regards,
Steve
More information about the MailScanner
mailing list