You'll need to find a nastie that your local/server AV doesn't detect, but
ClamAV does. Or make an exception for a file extension... rename eicar.txt
to eicar.z43 (something random) and make sure your server and local AV will
ignore that file extension.

On Fri, Feb 6, 2009 at 10:45 AM, Alex Davidson <davidson.a...@gmail.com> wrote:

> Interesting...if I create a plain text email with the eicar text in
> it, ClamAV detects it successfully.
>
> Can anyone suggest another way to send myself a
> non-password-protected/encrypted attachment that ClamAV might have a
> chance at detecting?
> It's either that or disable my workstation AV and server AV to send
> one out and back in that way - kind of a pain.
>
> Thanks!
>
> On Fri, Feb 6, 2009 at 7:51 AM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> > Steve Basford wrote:
> >>
> >> Alex Davidson wrote:
> >>
> >>> send myself EICAR test
> >>> virus strings but firstly only 3 of the 7 tests hit my mail server,
> >>> and secondly ClamAV doesn't detect anything, yet the next-level AV
> >>> detects it just fine.
> >>
> >> I tried to send the 7 tests to my main address... only 3 arrived
> >>
> >> (the clean one - and 2 of the password protected one)
> >
> > I received the same thing.
> >
> >
> >>
> >> My ISP probably filtered out the others.
> >
> > My ISP does no filtering; either the test messages were
> > blocked at the source (ISP/webhost egress filtering) or they
> > were never sent.
> >
> > As for the encrypted files, nothing can check inside an
> > encrypted zip, but they can be blocked based on a file name
> > inside the zip, or clamd can mark all encrypted zips by
> > setting "ArchiveBlockEncrypted yes" in clamd.conf
> >
> > At any rate, this test appears useless.  Find another one.
> >
> > --
> > Noel Jones
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>



-- 
-Xinn.org
Security, and Sanity Solutions
The makers of ClearSite NMS.
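
The test suggested at the top of this message, as an added example that is not part of the original thread: it builds a mail carrying the EICAR string as an unencrypted attachment under an unusual extension and confirms the string is only visible after MIME decoding. The addresses, the output file name and the function names are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# EICAR test string, kept in two halves so that on-access AV on the
# workstation is less likely to flag this script itself.
_EICAR_HEAD = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD"
_EICAR_TAIL = rb"-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    """Return the 68-byte EICAR test string."""
    return _EICAR_HEAD + _EICAR_TAIL


def build_test_message(sender, recipient, filename="eicar.z43"):
    """Build a message carrying EICAR as a plain, unencrypted attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "ClamAV attachment scan test"
    msg.set_content("EICAR test attachment; not password protected.")
    # application/octet-stream is base64-encoded on the wire, so a scanner
    # must decode the MIME part before any signature can match.
    msg.add_attachment(eicar_bytes(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


def attachment_payloads(raw):
    """Decode every attachment in a raw message, as a MIME-aware scanner would."""
    parsed = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): part.get_content()
            for part in parsed.iter_attachments()}


if __name__ == "__main__":
    # Addresses are constructed placeholders (example.org).
    raw = build_test_message("sender@example.org", "rcpt@example.org").as_bytes()
    with open("eicar-test.eml", "wb") as fh:
        fh.write(raw)
    print("wrote eicar-test.eml,", len(raw), "bytes")
```

Scanning the written file with `clamscan eicar-test.eml` exercises ClamAV's mail parsing without sending anything through the mail path.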