On Thu, 27 Oct 2005, Roger Rustad wrote: ; ClamAV aficionados: ; ; I just recently bought an account on webhostingbuzz.com. Curious as to how ; well the domains were protected against viruses, I went to ; http://www.webmail.us/testvirus and emailed the eicar virus to my account. My ; mail is supposedly protected with ClamAV, and yet it passed/failed the ; following tests: ; ; FAILED->Test 22 (Non-Virus): Test for the "Partial (Fragmented) ; Vulnerability". This does not include the EICAR virus, however your mail ; server should still block this since a virus can use this technique to break ; itself into multiple emails, bypassing virus scanners, and reassembling itself ; in your inbox. ** ; ; FAILED->Test 23 (Non-Virus): Attachment with a CLSID extension which ; may hide the real file extension. This does not include the EICAR virus, ; however your mail server should still block this since the CLSID technique can ; be used to hide the true extension of a malicious file. *** ; ; Is this typical of ClamAV? Or is it just that they don't have ClamAV ; configured well?
This is not typical, something is wrong with the ClamAV setup. Tests 22 and 23 will not be blocked (or certainly weren't in the past) since they don't contain viruses. They're correct in that the mail server setup *as a whole* should block these, but it's not ClamAV's job. Do the messages that got through give an indication of what version of ClamAV is being used ? A. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
