Interesting...if I create a plain text email with the eicar text in it, ClamAV detects it successfully.
Can anyone suggest another way to send myself a non-password-protected/encrypted attachment that ClamAV might have a chance at detecting? It's either that or disable my workstation AV and server AV to send one out and back in that way - kind of a pain. Thanks! On Fri, Feb 6, 2009 at 7:51 AM, Noel Jones <njo...@megan.vbhcs.org> wrote: > Steve Basford wrote: >> >> Alex Davidson wrote: >> >>> send myself EICAR test >>> virus strings but firstly only 3 of the 7 tests hit my mail server, >>> and secondly ClamAV doesn't detect anything, yet the next-level AV >>> detects it just fine. >> >> I tried to send the 7 tests to my main address... only 3 arrived >> >> (the clean one - and 2 of the password protected one) > > I received the same thing. > > >> >> My ISP probably filtered out the others. > > My ISP does no filtering; either the test messages were > blocked at the source (ISP/webhost egress filtering) or they > were never sent. > > As for the encrypted files, nothing can check inside an > encrypted zip, but they can be blocked based on a file name > inside the zip, or clamd can mark all encrypted zips by > setting "ArchiveBlockEncrypted yes" in clamd.conf > > At any rate, this test appears useless. Find another one. > > -- > Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
