Noel,

On Tuesday, 2024-03-12 12:24:48 -0500, you wrote:

> ...
> You can read about it here for clues about why your test didn't work.
> https://www.eicar.org/
> https://en.wikipedia.org/wiki/EICAR_test_file

Thanks for these pointers :-)

So the file size is restricted to 128 characters and the file must START
with the Eicar string. Ok, this explains why my previous example didn't
work. But

    $ grep -Ev '/tmp/|X-V' /HomeDir/.mail/Tests/procmailrc/Virus.rof | tee Virus | wc -c
    130
    $ clamscan --no-summary --stdout Virus
    /HomeDir/tmp/Virus: Eicar-Signature FOUND
    $

indicates that detection works even though neither the above size
restriction is met nor is the file STARTING with the Eicar string. So what
are the restrictions specifically used by "clamscan"? And can I rely on
them not to change?

As you can conclude from my example code, I'm using "procmail" to pipe
incoming mails including headers via "formail" into "clamdscan", which
currently produces the intended results with respect to the Eicar file. I
could slightly reduce the file size, but the Eicar string will always
FOLLOW the mail headers.

Sincerely,
Rainer