Is EICAR considered forged?

No, it is not.


Using Tools page I sent myself tests for eicardynamicencodedzip and
eicarencodedzip.  Both were stopped (see logs below) but no notice was
sent.  Should I have gotten a notice if:

- Running i9
- VIRUS.CFG (logging MID) has BANEXT ZIP and BANEXT EZIP
- BANNOTIFY.EML has SKIPIFFORGED as first line (& no blank lines present
until after TO:, FROM:, and SUBJECT:)

Yes, you should have.


To get a better idea of what is happening, you can use the Declude debug mode. To do this, change the "LOGLEVEL LOW" line in \IMail\Declude\virus.cfg to "LOGLEVEL DEBUG". Then, send the test eicar.com file through (using our Test Virus Sender at http://www.declude.com/tools ), and then switch back to "LOGLEVEL LOW" (the debug mode adds huge amounts of information to the log file). You can then send me (off-list) the \IMail\spool\vir####.log file (as an attachment, NOT sent from web messaging), and I can take a look at it to see what the problem may be.
-Scott


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
