On Sun, Aug 18, 2002 at 08:20:47PM -0400, Dave Sill wrote: > I was just sending the EICAR string in the body of a message, not an > attachment.
Ah. The EICAR test virus is matched by it's filename as well as it's content. Just having one of those components is normally not enough. > I re-tried my test, first sending it as an attachment named eicar.com > and the perlscanner caught it. Then I renamed it eicar.txt and neither > the perlscanner (as expected) nor clamscan caught it. That makes more sense - but I still don't know why clamscan didn't catch it. I just sent myself the eicar virus as you did. eicar.com was caught by perlscanner, then I edited the raw MIME and changed the filename to eicar.txt and sent it again. That time clamscan picked it. Bad clam release? You can turn up debuging: set it above 100 ($DEBUG=100) and Q-S won't delete anything after it runs. Then you can hand-check the remanents to see what happened in /var/spool/qmailscan/ -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
