One of our clients uses a multiple vendor AV solution (clam included) and has found an interesting scenario. They get sent signature updates and fixes from NAI which are sent as a non-passworded zip file. The zip file typically contains a single binary file and a text "readme" type file.
Part of the text file is a boilerplate set of instructions on how to make an EICAR test file. Clam detects this signature and marks the file as being infected. NAI and Norton AV do not.
I'm undecided as to which action is correct and would therefore appreciate other opinions.
Regards
Martin A. Brooks, Clues Ltd. http://www.clues.ltd.uk/
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
