David, To find the Signature: $ sigtool --find-sigs Eicar-Signature | sigtool --decode-sigs
I'm guessing the typo on your file is on purpose here. -----Original Message----- From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of David Morton via clamav-users Sent: Monday, February 17, 2025 2:43 PM To: ClamAV users ML <clamav-users@lists.clamav.net> Cc: morto...@dgrmm.net Subject: Re: [clamav-users] EICAR signature not working / # cat eicar.txt X5O!P%@AP[4\PZX54(P^)7CC)7}-STANDARD-ANTIVIRUS-TEST-FILE!+H* / # clamdscan eicar.txt //eicar.txt: OK ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.007 sec (0 m 0 s) Start Date: 2025:02:17 18:50:53 End Date: 2025:02:17 18:50:53 Database information -------------------- Database directory: /var/lib/clamav bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 15:37:24 2024 daily.cvd: version 27552, sigs: 2072975, built on Mon Feb 17 09:47:21 2025 main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 12:32:42 2021 Total number of signatures: 8720488 Platform information -------------------- uname: Linux 6.8.0-53-generic #55-Ubuntu SMP PREEMPT_DYNAMIC Fri Jan 17 15:37:52 UTC 2025 x86_64 OS: Linux, ARCH: x86_64, CPU: x86_64 zlib version: 1.3.1 (1.3.1), compile flags: a9 platform id: 0x0a21d4d408000000000e0200 Build information ----------------- On 2025-02-17 13:38, David Morton via clamav-users wrote: > even when i put the string in a file by itself. > >> On Feb 17, 2025, at 1:31 PM, Matus UHLAR - fantomas via clamav-users >> <clamav-users@lists.clamav.net> wrote: >> >> On 17.02.25 19:24, David Morton via clamav-users wrote: >>> I have downloaded the test signature to three different systems, >>> verified to be up to date, but they all fail to find the EICAR test >>> signature. Is anyone else seeing this? >> >> they fail to find it where? >> according to: >> >> https://en.wikipedia.org/wiki/EICAR_test_file >> >> antivirus detects the test file only if it starts with the 68-byte >> test string and is not more than 128 bytes long. >> >> -- >> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ >> Warning: I wish NOT to receive e-mail advertising to this address. >> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. >> The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95 >> _______________________________________________ >> >> Manage your clamav-users mailing list subscription / unsubscribe: >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/Cisco-Talos/clamav-documentation >> >> https://docs.clamav.net/#mailing-lists-and-chat > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
