Re: [clamav-users] ClamAV not picking up Eicar file...
Hello,

Thank you for the advice. I set that up and saw files being added to the directory I specified. Scans on those files did not trigger anything. I then tried the eicarcom2.zip file and that did show as an infected file. It also showed as infected when I scanned it in the temp directory. Seems like it's not my config but possibly something else. I appreciated the help and should be able to move forward from here.

Thanks again,

Colin

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV not picking up Eicar file...
Colin,

Is it possible that icap has changed the file in some way? Is it possible to set up a test to verify what is sent to ClamAV?

You could also try using the clamd.conf parameters LeaveTemporaryFiles and TemporaryDirectory. Then run your file through your squidclamav configuration and inspect the file(s) left in the temporary directory. Hopefully, it will contain a file that looks something like the eicar. If nothing is left there, try it with eicar inside of a zip file.

Steve
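The check suggested in the message above, as an added example that is not part of the original thread: it hashes every file clamd leaves in the temporary directory and compares it with the SHA-256 of eicar.com.txt posted elsewhere in this thread. The directory path and the function names `sha256_of` and `audit_tmpdir` are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. In clamd.conf, set the two parameters
# Steve names (the directory is an assumed path; use one clamd can write to):
#   LeaveTemporaryFiles yes
#   TemporaryDirectory /var/tmp/clamd-debug
# then send the test file through the proxy and audit what was left behind.

# SHA-256 of eicar.com.txt as posted in this thread.
EICAR_SHA256="275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

# Hash one file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# audit_tmpdir DIR [EXPECTED_SHA256]
# Prints "MATCH|DIFF size hash path" for every regular file under DIR.
# Returns 0: at least one file is byte-identical to the expected file,
#            so clamd received it unchanged;
#         1: files were left but none match, so the body was altered,
#            wrapped or truncated before it reached clamd;
#         2: nothing was left (no data reached clamd, or the setting is off).
audit_tmpdir() {
    dir=$1
    expected=${2:-$EICAR_SHA256}
    seen=0
    matched=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        seen=$((seen + 1))
        digest=$(sha256_of "$f")
        size=$(wc -c < "$f" | tr -d ' ')
        verdict=DIFF
        if [ "$digest" = "$expected" ]; then
            verdict=MATCH
            matched=$((matched + 1))
        fi
        printf '%-5s %6s %s %s\n' "$verdict" "$size" "$digest" "$f"
    done <<EOF
$(find "$dir" -type f)
EOF
    [ "$seen" -gt 0 ] || return 2
    [ "$matched" -gt 0 ] || return 1
    return 0
}
```

Empty the directory between attempts so each run shows only the files from one request, and switch LeaveTemporaryFiles back off afterwards so the directory does not keep growing.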
Re: [clamav-users] ClamAV not picking up Eicar file...
On 30.08.17 19:01, Colin Rogers wrote:
> Please let me know what I can provide to get to the bottom of this.

Three messages of yours have been weeded out here. Please don't send virus samples to public mailing lists.

-Ralph
Re: [clamav-users] ClamAV not picking up Eicar file...
I also get signature found when I run clamscan against the file but not when going through icap. I can see in my c-icap/access.log file that clam considers the file good to go:

ubuntu-icap:~$ clamscan eicar.com.txt
eicar.com.txt: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.843 sec (0 m 9 s)

ubuntu-icap:~$ tail -f /var/log/c-icap/access.log
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
Re: [clamav-users] ClamAV not picking up Eicar file...
$ wget http://www.eicar.org/download/eicar.com.txt
--2017-08-30 14:35:48-- http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: 'eicar.com.txt'

eicar.com.txt 100%[==>] 68 --.-KB/s in 0s

2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68]

$ shasum -a 256 eicar.com.txt
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f eicar.com.txt

$ clamscan eicar.com.txt
*eicar.com.txt: Eicar-Test-Signature FOUND*

--- SCAN SUMMARY ---
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 15.420 sec (0 m 15 s)
Re: [clamav-users] ClamAV not picking up Eicar file...
Hello Steve,

Thank you for getting back to me about this. I can definitely open a bug for this but I would like to make sure it is an actual bug and not a misconfiguration on my part somehow. This was working before so I don't understand why it isn't working any longer. Is there anything I can provide to try and troubleshoot this before opening a bug? This is the exact file:

http://www.eicar.org/download/eicar.com.txt

I have renamed it, tried the other files on that page, etc etc to no avail.

I have attached my squidclamav.conf and clamd.conf files in case I have missed something in those files.

Thanks again,

Colin
Re: [clamav-users] ClamAV not picking up Eicar file...
Colin,

Please open a bug report @ bugzilla.clamav.net. In the report, please attach the exact eicar files that you are using.

Steve
[clamav-users] ClamAV not picking up Eicar file...
Hello everyone,

I am having some trouble getting my clamav setup to detect infected files suddenly. I have downloaded various eicar test files and each one is let through clamav without any issues. I'm pretty new to this but would greatly appreciate some assistance.

Please let me know what I can provide to get to the bottom of this.

Thank you in advance,

Colin