Hello Noel, yep it worked. The eicar message was found but not before a user had enough time to open the mail message and the attachment. And, it is difficult to tell exactly which message is the culprit because all I see from the CRON log email is:
/Maildir/cur/1233939406.Vfd00I270080M968444.davidwbrown.name:2,S: Eicar-Test-Signature FOUND

And, the gadgetry set-up to automatically send email to users with FOUND signatures did not trigger. I suppose I need to run ClamAV as a daemon and ditch the CRON job.

Thanks, David.

Noel Jones wrote ..
> Alex Davidson wrote:
> > Interesting...if I create a plain text email with the eicar text in
> > it, ClamAV detects it successfully.
> >
> > Can anyone suggest another way to send myself a
> > non-password-protected/encrypted attachment that ClamAV might have a
> > chance at detecting?
>
> There is a test tool at http://tools.declude.com/ under the
> "Virus Test" heading.
> There are a bazillion options for sending the virus. The
> only tests that really count are the "Plain base64 MIME
> encoded" and "Zip file". Clam should detect those. The rest
> appear to be mostly marketing fluff; don't be too concerned if
> clam doesn't detect them.
>
> --
> Noel Jones
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
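Added example, not part of the original messages or of ClamAV: one way to turn the `FOUND` lines from the cron log into something that identifies the message, by reading the headers of each flagged Maildir file. The function names and the sample message are constructed for illustration; only the `<path>: <signature> FOUND` line format is taken from the log line quoted above.

```python
import re
from email import policy
from email.parser import BytesHeaderParser

# Scan log format as quoted in the thread: "<path>: <signature> FOUND".
# Maildir file names contain ":2," themselves, so the greedy ".+" makes the
# path run up to the LAST ": " that precedes the signature name.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
HEADERS = ("From", "To", "Subject", "Date", "Message-ID")

def parse_found(log_text):
    """Return (path, signature) for every FOUND line in the scan output."""
    hits = []
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def describe(path):
    """Parse only the headers of the flagged file; the body is not decoded."""
    with open(path, "rb") as fh:
        msg = BytesHeaderParser(policy=policy.default).parse(fh)
    return {h: str(msg.get(h, "")) for h in HEADERS}

def report(log_text):
    """One dict per detection: file, signature and identifying headers."""
    rows = []
    for path, sig in parse_found(log_text):
        try:
            info = describe(path)
        except OSError as exc:  # file renamed or removed since the scan ran
            info = {"error": str(exc)}
        rows.append({"file": path, "signature": sig, **info})
    return rows

if __name__ == "__main__":
    import os, tempfile
    # Constructed sample: a Maildir-style file name and a minimal message.
    path = os.path.join(tempfile.mkdtemp(), "1233939406.sample.host:2,S")
    with open(path, "wb") as fh:
        fh.write(b"From: sender@example.test\r\nTo: user@example.test\r\n"
                 b"Subject: constructed test message\r\n\r\nbody\r\n")
    for row in report(path + ": Eicar-Test-Signature FOUND\n"):
        print(row)
```

A Maildir file can be renamed when its flags change (the part after `:2,`), so a path from an older scan may no longer exist; the `error` entry covers that case.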