Hello Alex,

I don't have a definitive test either. I have recently installed ClamAV on my gateway/router/firewall/smtp Linux box. I tried the canned test as suggested in the ClamAV doco but I could not see anything definitive.

I agree that a real email from the <outside> would be a definitive test. Since ClamAV is running on a Linux box, a Windows virus in an email attachment would be the best test without actually exposing the Linux box to compromise. I must admit that I would be reluctant to do this myself, as the reason I installed ClamAV is I recently rid my local Windows boxes of a vicious browser hijack trojan. The source of this trojan was in all likelihood not from email but from a link embedded in a normal html page.

BTW: what is the EICAR test? I will try this myself.

Regards, :-),
David.

Alex Davidson wrote ..
> Interesting...if I create a plain text email with the eicar text in
> it, ClamAV detects it successfully.
>
> Can anyone suggest another way to send myself a
> non-password-protected/encrypted attachment that ClamAV might have a
> chance at detecting?
> It's either that or disable my workstation AV and server AV to send
> one out and back in that way - kind of a pain.
>
> Thanks!
>
> On Fri, Feb 6, 2009 at 7:51 AM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> > Steve Basford wrote:
> >>
> >> Alex Davidson wrote:
> >>
> >>> send myself EICAR test
> >>> virus strings but firstly only 3 of the 7 tests hit my mail server,
> >>> and secondly ClamAV doesn't detect anything, yet the next-level AV
> >>> detects it just fine.
> >>
> >> I tried to send the 7 tests to my main address... only 3 arrived
> >>
> >> (the clean one - and 2 of the password protected one)
> >
> > I received the same thing.
> >
> >
> >>
> >> My ISP probably filtered out the others.
> >
> > My ISP does no filtering; either the test messages were
> > blocked at the source (ISP/webhost egress filtering) or they
> > were never sent.
> >
> > As for the encrypted files, nothing can check inside an
> > encrypted zip, but they can be blocked based on a file name
> > inside the zip, or clamd can mark all encrypted zips by
> > setting "ArchiveBlockEncrypted yes" in clamd.conf
> >
> > At any rate, this test appears useless. Find another one.
> >
> > --
> > Noel Jones
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
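
An added example, not part of the original thread: one way to produce the unencrypted test attachments asked about above is to build the messages locally, so no third-party test service or egress filter is involved. The addresses, file names and function names are assumptions chosen for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Standard 68-byte EICAR test string, split so this script is not itself flagged on disk.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-"
         + "ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def zip_bytes(name, data):
    """Return an unencrypted zip archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_test_messages(sender, recipient):
    """Build three test mails: EICAR in the body, as a file, and inside a zip."""
    cases = {
        "eicar-inline": None,
        "eicar-attached": ("eicar.com", EICAR, "octet-stream"),
        "eicar-zipped": ("eicar.zip", zip_bytes("eicar.com", EICAR), "zip"),
    }
    out = {}
    for label, att in cases.items():
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, recipient
        msg["Subject"] = f"AV test: {label}"
        if att is None:
            msg.set_content(EICAR.decode("ascii"))
        else:
            msg.set_content("Unencrypted EICAR test attachment.")
            name, data, subtype = att
            # Attachments are base64-encoded, so the scanner must decode MIME to see them.
            msg.add_attachment(data, maintype="application",
                               subtype=subtype, filename=name)
        out[label] = msg.as_bytes()
    return out

def attachment_payloads(raw):
    """Decode a raw message and return {filename: bytes} for its attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): p.get_payload(decode=True)
            for p in msg.iter_attachments()}

if __name__ == "__main__":
    # Constructed sample addresses; replace with a mailbox you control.
    msgs = build_test_messages("tester@example.org", "tester@example.org")
    for label, raw in msgs.items():
        with open(label + ".eml", "wb") as fh:
            fh.write(raw)
        print("wrote", label + ".eml")
```

The resulting `.eml` files can be scanned directly with `clamscan` or handed to the local MTA to exercise the full delivery path.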