Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-31 Thread Colin Rogers 
Hello,

Thank you for the advice. I set that up and saw files being added to the
directory I specified. Scans on those files did not trigger anything. I
then tried the eicarcom2.zip file and that did show as an infected file. It
also showed as infected when I scanned it in the temp directory.

Seems like its not my config but possibly something else. I appreciated the
help and should be able to move forward from here.

Thanks again,

Colin

On Wed, Aug 30, 2017 at 2:06 PM, Steven Morgan 
wrote:

> Colin,
>
> Is it possible that icap has changed the file in some way? Is it possible
> to set up a test to verify what is sent to ClamAV?
>
> You could also try using the clamd.conf parameters LeaveTemporaryFiles and
> TemporaryDirectory. Then run your file through your squidclamav
> configuration and inspect the file(s) left in the temporary directory.
> Hopefully, it will contain a file that looks something like the eicar. If
> nothing is left there, try it with eicar inside of a zip file.
>
> Steve
>
> On Wed, Aug 30, 2017 at 2:40 PM, Colin Rogers 
> wrote:
>
> > I also get signature found when I run clamscan against the file but not
> > when going through icap. I can see in my c-icap/access.log file that clam
> > considers the file good to go:
> >
> > ubuntu-icap:~$ clamscan eicar.com.txt
> > eicar.com.txt: Eicar-Test-Signature FOUND
> >
> > --- SCAN SUMMARY ---
> > Known viruses: 6303395
> > Engine version: 0.99.2
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 1
> > Data scanned: 0.00 MB
> > Data read: 0.00 MB (ratio 0.00:1)
> > Time: 9.843 sec (0 m 9 s)
> >
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Steven Morgan 
Colin,

Is it possible that icap has changed the file in some way? Is it possible
to set up a test to verify what is sent to ClamAV?

You could also try using the clamd.conf parameters LeaveTemporaryFiles and
TemporaryDirectory. Then run your file through your squidclamav
configuration and inspect the file(s) left in the temporary directory.
Hopefully, it will contain a file that looks something like the eicar. If
nothing is left there, try it with eicar inside of a zip file.

Steve

On Wed, Aug 30, 2017 at 2:40 PM, Colin Rogers 
wrote:

> I also get signature found when I run clamscan against the file but not
> when going through icap. I can see in my c-icap/access.log file that clam
> considers the file good to go:
>
> ubuntu-icap:~$ clamscan eicar.com.txt
> eicar.com.txt: Eicar-Test-Signature FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 9.843 sec (0 m 9 s)
>
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Ralph Seichter 
On 30.08.17 19:01, Colin Rogers wrote:

> Please let me know what I can provide to get to the bottom of this.

Three messages of yours have been weeded out here. Please don't send
virus samples to public mailing lists.

-Ralph
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Colin Rogers 
I also get signature found when I run clamscan against the file but not
when going through icap. I can see in my c-icap/access.log file that clam
considers the file good to go:

ubuntu-icap:~$ clamscan eicar.com.txt
eicar.com.txt: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.843 sec (0 m 9 s)

ubuntu-icap:~$ tail -f /var/log/c-icap/access.log
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200



On Wed, Aug 30, 2017 at 11:37 AM, Alain Zidouemba  wrote:

> $ wget http://www.eicar.org/download/eicar.com.txt
> --2017-08-30 14:35:48--  http://www.eicar.org/download/eicar.com.txt
> Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
> Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 68 [application/octet-stream]
> Saving to: 'eicar.com.txt'
>
> eicar.com.txt
> 100%[===
> ===>]
>  68  --.-KB/sin 0s
>
> 2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68]
>
> $ shasum -a 256 eicar.com.txt
> 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
>  eicar.com.txt
>
> $ clamscan eicar.com.txt
> *eicar.com.txt: Eicar-Test-Signature FOUND*
>
> --- SCAN SUMMARY ---
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 15.420 sec (0 m 15 s)
>
>
> On Wed, Aug 30, 2017 at 1:59 PM, Colin Rogers 
> wrote:
>
> > Hello Steve,
> >
> > Thank you for getting back to me about this. I can definitely open a bug
> > for this but I would like to make sure it is an actual bug and not a
> > misconfiguration on my part somehow. This was working before so I dont
> > understand why it isnt working any longer. Is there anything I can
> provide
> > to try and troubleshoot this before opening a bug? This is the exact
> file:
> >
> > http://www.eicar.org/download/eicar.com.txt
> >
> > I have renamed it, tried the other files on that page, etc etc to no
> avail.
> >
> > I have attached my squidclamav.conf and clamd.conf files in case I have
> > missed something in those files.
> >
> > Thanks again,
> >
> > Colin
> >
> > On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan 
> > wrote:
> >
> > > Colin,
> > >
> > > Please open a bug report @ bugzilla.clamav.net. In the report, please
> > > attach the exact eicar files that you are using.
> > >
> > > Steve
> > >
> > > On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers <
> colinrogers...@gmail.com>
> > > wrote:
> > >
> > > > Hello everyone,
> > > >
> > > > I am having some trouble getting my clamav setup to detect infected
> > files
> > > > suddenly. I have downloaded various eicar test files and each one is
> > let
> > > > through clamav without any issues. Im pretty new to this but would
> > > greatly
> > > > appreciate some assistance.
> > > >
> > > > Please let me know what I can provide to get to the bottom of this.
> > > >
> > > > Thank you in advance,
> > > >
> > > > Colin
> > > >
> > > ___
> > > clamav-users mailing list
> > > clamav-users@lists.clamav.net
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Alain Zidouemba 
$ wget http://www.eicar.org/download/eicar.com.txt
--2017-08-30 14:35:48--  http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: 'eicar.com.txt'

eicar.com.txt
100%[==>]
 68  --.-KB/sin 0s

2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68]

$ shasum -a 256 eicar.com.txt
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
 eicar.com.txt

$ clamscan eicar.com.txt
*eicar.com.txt: Eicar-Test-Signature FOUND*

--- SCAN SUMMARY ---
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 15.420 sec (0 m 15 s)


On Wed, Aug 30, 2017 at 1:59 PM, Colin Rogers 
wrote:

> Hello Steve,
>
> Thank you for getting back to me about this. I can definitely open a bug
> for this but I would like to make sure it is an actual bug and not a
> misconfiguration on my part somehow. This was working before so I dont
> understand why it isnt working any longer. Is there anything I can provide
> to try and troubleshoot this before opening a bug? This is the exact file:
>
> http://www.eicar.org/download/eicar.com.txt
>
> I have renamed it, tried the other files on that page, etc etc to no avail.
>
> I have attached my squidclamav.conf and clamd.conf files in case I have
> missed something in those files.
>
> Thanks again,
>
> Colin
>
> On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan 
> wrote:
>
> > Colin,
> >
> > Please open a bug report @ bugzilla.clamav.net. In the report, please
> > attach the exact eicar files that you are using.
> >
> > Steve
> >
> > On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers 
> > wrote:
> >
> > > Hello everyone,
> > >
> > > I am having some trouble getting my clamav setup to detect infected
> files
> > > suddenly. I have downloaded various eicar test files and each one is
> let
> > > through clamav without any issues. Im pretty new to this but would
> > greatly
> > > appreciate some assistance.
> > >
> > > Please let me know what I can provide to get to the bottom of this.
> > >
> > > Thank you in advance,
> > >
> > > Colin
> > >
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Colin Rogers 
Hello Steve,

Thank you for getting back to me about this. I can definitely open a bug
for this but I would like to make sure it is an actual bug and not a
misconfiguration on my part somehow. This was working before so I dont
understand why it isnt working any longer. Is there anything I can provide
to try and troubleshoot this before opening a bug? This is the exact file:

http://www.eicar.org/download/eicar.com.txt

I have renamed it, tried the other files on that page, etc etc to no avail.

I have attached my squidclamav.conf and clamd.conf files in case I have
missed something in those files.

Thanks again,

Colin

On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan 
wrote:

> Colin,
>
> Please open a bug report @ bugzilla.clamav.net. In the report, please
> attach the exact eicar files that you are using.
>
> Steve
>
> On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers 
> wrote:
>
> > Hello everyone,
> >
> > I am having some trouble getting my clamav setup to detect infected files
> > suddenly. I have downloaded various eicar test files and each one is let
> > through clamav without any issues. Im pretty new to this but would
> greatly
> > appreciate some assistance.
> >
> > Please let me know what I can provide to get to the bottom of this.
> >
> > Thank you in advance,
> >
> > Colin
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Steven Morgan 
Colin,

Please open a bug report @ bugzilla.clamav.net. In the report, please
attach the exact eicar files that you are using.

Steve

On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers 
wrote:

> Hello everyone,
>
> I am having some trouble getting my clamav setup to detect infected files
> suddenly. I have downloaded various eicar test files and each one is let
> through clamav without any issues. Im pretty new to this but would greatly
> appreciate some assistance.
>
> Please let me know what I can provide to get to the bottom of this.
>
> Thank you in advance,
>
> Colin
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Colin Rogers 
Hello everyone,

I am having some trouble getting my clamav setup to detect infected files
suddenly. I have downloaded various eicar test files and each one is let
through clamav without any issues. Im pretty new to this but would greatly
appreciate some assistance.

Please let me know what I can provide to get to the bottom of this.

Thank you in advance,

Colin
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml