> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> OpenMacNews
> Sent: Wednesday, March 17, 2004 11:27 AM
> To: ClamAV Users List
> Subject: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> version devel-20040316 on OSX+CGPro
>
>
> hi,
>
> ClamAV version devel-20040316, built on OSX 10.3.3, and
> integrated into CommunigatePro 4.1.8, is consistently failing
> to detect the following Eicar tests from www.testvirus.org:
>

I would just like to point out that MOST of these are not problems with
clamav at all.  I cannot say how to get clamav to detect these because that
is dependent on how clamav is called and how it integrates with your MTA.


>         Test #5: Eicar virus sent using BinHex encoding
>
>         Test #8: Eicar virus sent using BinHex encoding within a
> MIME segment

Your system must be able to decode binhex attachments before they are passed
to clamav.  I don't believe clamav has an internal binhex decoder.  Being
that most people don't have a decoder themselves, I don't see how this is
really an issue.  Symantec on my workstation doesn't even pick these up.

>
>         Test #10: Eicar virus embedded within an RFC822 message
>
>         Test #15: Eicar string in HTML, to ensure that your mail
> server scans HTML segments
>

This is definitely a fault with whatever program is calling clamav on your
system.  These are both blocked on my system (using qmail and
qmail-scanner).


>         Test #22: Eicar virus within zip file hidden using the
> "Empty MIME Boundary Vulnerability"
>

I don't really know what this means but it is let through on my system as
well.  However I am not too worried about it as it was not picked up by
Symantec on my desktop and someone would need a base64 decoder and some
computer knowledge to be able to extract this attachment.

>         Test #23: Test for the "Partial (Fragmented)
> Vulnerability". This does not include Eicar virus, but your mail
>         server still must block this since it can break a virus
> into multiple emails and reassemble it in your inbox.
>
>         Test #24: Attachment with a CLSID extension which may
> hide the real file extension. This does not include Eicar
>         virus, but your mail server still must block this since
> it can hide the true extension of a file.
>

These 2 are not a virus and as such should not be detected by clamav.  They
are both blocked by qmail-scanner however.


> if there's anything further i can provide/check, pls let me know.
>
> richard
>
>

You may have more luck posting this message on a list dedicated to whatever
program integrates clamav to your MTA.  These are not faults of clamav.

Jim
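
The split of work described in this reply, as an added example that is not part of the original message or of ClamAV, qmail-scanner or CommunigatePro: the integration layer unpacks every MIME part (including embedded RFC822 messages and encoded HTML) before anything is scanned, and blocks fragmented messages and CLSID extensions as policy rather than as virus hits. It assumes Python's standard `email` package; `MARKER`, `unpack`, `flagged_types`, `build_sample` and `PARTIAL` are hypothetical names and constructed data, and a substring match stands in for the call to the scanner.

```python
import email
import re
from email import policy
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for the Eicar string
CLSID_EXT = re.compile(r"\.\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def unpack(raw):
    """Return (scan_units, policy_hits) for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    units, hits = [], []
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        ctype = part.get_content_type()
        if ctype == "message/partial":
            hits.append("fragmented message (message/partial)")
        name = part.get_filename() or ""
        if CLSID_EXT.search(name):
            hits.append("CLSID extension: " + name)
        if not part.is_multipart():
            # decode=True undoes the base64 / quoted-printable transfer encoding
            units.append((ctype, part.get_payload(decode=True) or b""))
    return units, hits

def flagged_types(raw):
    """Content types of decoded parts that contain the marker."""
    return [ctype for ctype, data in unpack(raw)[0] if MARKER in data]

def build_sample():
    """Constructed message: base64 HTML part plus an embedded RFC822 message."""
    inner = EmailMessage()
    inner.set_content("see attachment")
    inner.add_attachment(MARKER, maintype="application", subtype="octet-stream",
                         filename="note.txt.{00000000-0000-0000-0000-000000000000}")
    outer = EmailMessage()
    outer.set_content("plain body")
    outer.add_alternative("<html><body>%s</body></html>" % MARKER.decode(),
                          subtype="html", cte="base64")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()

# Constructed first fragment of a message split with message/partial
PARTIAL = (b'Content-Type: message/partial; id="x@example"; number=1; total=2\r\n'
           b"\r\nSubject: fragment\r\n\r\nfirst piece\r\n")

if __name__ == "__main__":
    raw = build_sample()
    print("raw-byte match:", MARKER in raw)
    print("decoded matches:", flagged_types(raw))
    print("policy hits:", unpack(raw)[1] + unpack(PARTIAL)[1])
```

Scanning the raw bytes finds nothing because both carrier parts are base64 encoded; the marker only appears once each leaf part has been decoded and handed over separately.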


