Mailscanner is not detecting eicar
Anthony Peacock
a.peacock at chime.ucl.ac.uk
Thu Jul 10 09:15:52 IST 2008
Hi Paul,
Paul Lamb wrote:
> MailScanner version 4.69.9 is not detecting the eicar test "virus".
>
> (This has not worked previously; I downloaded it a couple of weeks ago
> but have only just configured it.)
>
> Eicar is forwarded whether included in the message text
>
> mail pal < /etc/mail/EICAR-TEST-FILE
>
> or as an attachment
>
> echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
>
> I have tested with eicar included in the parameter Non-Forging Viruses
> and with it not included.
>
> Please note that MailScanner does detect and quarantine the virus
> W32/MyDoom-O and Sophos sweep does detect eicar
>
> /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE
> [snip]
> >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>
> Any suggestions would be appreciated.
Mailscanner and Sophos are working fine here and detecting EICAR.
"The following e-mails were found to have: Bad Filename Detected : Virus
Detected
Sender: a.peacock at chime.ucl.ac.uk
IP Address: 128.40.182.49
Recipient: a.peacock at chime.ucl.ac.uk
Subject: Test of eicar
MessageID: m697INiw012407
Quarantine: /var/spool/MailScanner/quarantine/20080709/m697INiw012407
Report: Clamd: eicar.com was infected: ./m697INiw012407/eicar.com:
Eicar-Test-Signature FOUND
SophosSAVI: eicar.com was infected by EICAR-AV-Test
MailScanner: Executable DOS/Windows programs are dangerous
in email (eicar.com)"
All I can suggest is to run MailScanner in debug mode and see if there
is anything obvious in the debug output.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/