Mailscanner is not detecting eicar (Paul Lamb)

Paul Lamb pal at
Tue Jul 8 19:20:37 IST 2008

Steve Freegard wrote:

>Paul Lamb wrote:
>> MailScanner version 4.69.9 is not detecting the eicar test "virus".
>> (This has not worked previously; I downloaded it a couple of weeks ago 
>> but have only just configured it.)
>> Eicar is forwarded whether included in the message text
>>    mail pal < /etc/mail/EICAR-TEST-FILE
>> or as at attachment
>>    echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
>> I have tested with eicar included in the parameter Non-Forging Viruses 
>> and with it not included.
>> Please note that MailScanner does detect and quarantine the virus 
>> W32/MyDoom-O and Sophos sweep does detect eicar
>>    /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
>>    [snip]
>>    >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>> Any suggestions would be appreciated.
>I'm not really sure when you say 'MailScanner' doesn't detect it; 
>MailScanner is not a virus scanner itself - it runs external virus 
>scanners and reports the results.
>The EICAR attachment you created will get detected as text/plain by the 
>filetype checks (as it isn't an executable).  If you name it .com/.exe 
>etc. then the filename checks will trigger.  MailScanner doesn't 
>specifically look for the EICAR sting.
>So what you are seeing isn't a problem.
>Kind regards,


My first sentence was imprecise but I do have a problem.

The system has the Sophos sweep AV software installed.

Sweep _does_ detect EICAR.

When MailScanner invokes sweep, sweep does _not_ detect EICAR or. if it
does, this is not correctly handled by MailScanner. (However, 
MailScanner + sweep _does_ detect at least one real virus.)


More information about the MailScanner mailing list