Colin,

Is it possible that icap has changed the file in some way? Is it possible
to set up a test to verify what is sent to ClamAV?

You could also try using the clamd.conf parameters LeaveTemporaryFiles and
TemporaryDirectory. Then run your file through your squidclamav
configuration and inspect the file(s) left in the temporary directory.
Hopefully, it will contain a file that looks something like the eicar. If
nothing is left there, try it with eicar inside of a zip file.

Steve

On Wed, Aug 30, 2017 at 2:40 PM, Colin Rogers <colinrogers...@gmail.com>
wrote:

> I also get signature found when I run clamscan against the file but not
> when going through icap. I can see in my c-icap/access.log file that clam
> considers the file good to go:
>
> ubuntu-icap:~$ clamscan eicar.com.txt
> eicar.com.txt: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 9.843 sec (0 m 9 s)
>
>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
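An added example, not part of the original message or of ClamAV: a Python script for the inspection step suggested above, comparing the original file with whatever clamd leaves in TemporaryDirectory when LeaveTemporaryFiles is enabled. The script name, function names, verdict labels and the directory path in the comment are assumptions made for this example.

```python
# Compare the file that was sent with the files clamd left behind.
# Assumed clamd.conf settings for the test (the path is an example value):
#   LeaveTemporaryFiles yes
#   TemporaryDirectory /var/tmp/clamd-debug
import hashlib
import os
import sys

def classify(reference: bytes, candidate: bytes) -> str:
    """Describe how a file left by clamd relates to the file that was sent."""
    if candidate == reference:
        return "identical"
    if reference and reference in candidate:
        return "embedded"    # original bytes intact but wrapped in other data
    if candidate and reference.startswith(candidate):
        return "truncated"   # only a leading part of the file arrived
    return "different"       # modified, re-encoded, or an unrelated temp file

def compare_tree(reference: bytes, temp_dir: str) -> dict:
    """Walk temp_dir recursively and classify every file against reference."""
    results = {}
    for root, _dirs, files in os.walk(temp_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                results[path] = classify(reference, fh.read())
    return results

def main(argv):
    if len(argv) != 3:
        print("usage: compare_clamd_temp.py <original-file> <TemporaryDirectory>")
        return 2
    with open(argv[1], "rb") as fh:
        reference = fh.read()
    print("original sha256:", hashlib.sha256(reference).hexdigest())
    results = compare_tree(reference, argv[2])
    if not results:
        print("no files left in", argv[2])
    for path, verdict in sorted(results.items()):
        print(f"{verdict:10} {path}")
    # Exit 0 only if clamd saw a byte-for-byte copy of the original.
    return 0 if "identical" in results.values() else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An "embedded" or "truncated" verdict means the data handed to clamd was not the file as it exists on disk, which is the case the message asks to rule out.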
