Hi Baris,

Baris Simsek <[EMAIL PROTECTED]> writes:
> I want to notice that point which is undocumented: If you make tests
> with eicar pattern comes from qsheff-r2 source, please consider that, I
> added "REMOVETHIS" pattern at the beginning of the pattern and the middle
> of the pattern. Because of we cannot move/transfer original eicar
> pattern over the network. Virus defenders block it. That's just a remind,
> I want to be sure about that, the problem is not connected to it.

No, it isn't this time. :)
To perform my tests I used real viruses (from one of my users). In fact I've got these as full mail messages, I used uudeview to extract the attachments, and now I have pure .zip archives with real viruses, not test patterns.

> I've just done a test by following way:
> - edit eicar.com.txt, remove REMOVETHIS patterns (there are 2)
> - zip e.zip eicar.com.txt
> - Moved it another mail server (because of the local-user option not
> used at compile time.)
> - I used mutt to attach it.
> - And I sent...
>
> Log is here:
>
> 28/03/2006 11:35:11: [qSheff] CLAMD, queue=q-1143534911-558892-12468,
> recvfrom=64.90.164.206,
> [EMAIL PROTECTED]',
> [EMAIL PROTECTED]', subj=`virus test', size=1052,
> prog=`clamd', virus=`Eicar-Test-Signature'
>
> So,
>
> If you didn't use eicar pattern from -r2 there are 2 possibilities I
> should test:
> - Patches you applied to clamav

OK. My clamav installation is built from:
- stable clamav 0.88 release (clamav-0.88.tar.gz),
- libunrar3 (unrarsrc-3.5.3.tar.gz).

Both patched with corresponding patches from:
http://mcmcc.bat.ru/clamav/
(The main site is: http://mcmcc.bat.ru/clam_rar3.html - in Russian ;-))

In fact I used only two patches:
http://mcmcc.bat.ru/clamav/clamav-0.88-libunrar3.patch
and this one for libunrar3:
http://mcmcc.bat.ru/clamav/unrar-3.5.3_fix.patch

I decided not to use the "7zip" patch for my clamav installations.

I've an automake 1.9 installed from official Debian/Sarge .deb package.

Here's the installation process used for clamav:

====
ln -s clamav-0.88 clamav-devel.orig
patch -p0 < clamav-0.88-libunrar3.patch
cd clamav-0.88
aclocal
autoconf
automake
./configure --disable-clamav --disable-clamuko --with-zlib=/usr --with-{user,group}=clamav
make
# make install-strip
====

> - Linux, especially Debian (coz i am bsd user) ;-)
> I'll wait for your response.

Thank you very much for your response. If you want more details or files - just ask me!

Bestest,
-Chris
