Re: [clamav-users] Eicar.com: OK
On 10/27/2016 7:22 AM, wojtunieczek wrote:
> Hi all,
> I've got a problem with a test file detection. I was testing ClamAV on
> Raspbian, it was detecting EICAR (http://www.eicar.com/download/eicar.com.txt)
> and removing it with no problem until I quarantined and restored it via
> ClamTK. Now EICAR files are indicated OK by scanner. I tried to reinstall
> ClamAV but it didn't help. However, strange thing is that it still finds and
> removes EICAR files downloaded from secure
> protocol (https://www.eicar.com/download/eicar.com.txt).
> What might be a reason of this strange behaviour? Is it that quarantine or
> the secure source of download?
> Thanks for any help
> Wojtek

If I understand your description correctly, clamav still detects freshly downloaded EICAR, but no longer detects the one previously quarantined and then released.

Sounds as if the quarantined copy was somehow corrupted. Maybe check with the ClamTk folks.

-- Noel Jones
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Re: [Clamav-users] eicar.com
Gary V wrote:
> > I see eicar.com is not detected, but eicar.com.txt and eicar_com.zip are.
> >
> > Gary V
>
> Now it looks like someone added it to the database. (8-}

I can't remember a time when it wasn't there. It is a rather fussy string to detect, though, and that probably contributes to failure to detect more than anything. It's embedded in the Perl clamdwatch code, in fact.

dp
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] eicar.com
On Mon, 12 Jun 2006 12:18:39 -0600 "Gary V" <[EMAIL PROTECTED]> wrote:
> > I see eicar.com is not detected, but eicar.com.txt and eicar_com.zip are.
> >
> > Gary V
>
> Now it looks like someone added it to the database. (8-}

Not true. The signature for the EICAR test file has always been in the database.

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Mon Jun 12 20:25:17 CEST 2006
RE: [Clamav-users] eicar.com
> I see eicar.com is not detected, but eicar.com.txt and eicar_com.zip are.
>
> Gary V

Now it looks like someone added it to the database. (8-}
RE: [Clamav-users] eicar.com
> Hi All,
> I download it using internet explorer. Save it to the location. I then scan it using clamwin. NO virus found.
> Then I send it to my OpenBSD machine running clamd. Run ClamScan. No virus found.
> I put it in my Windows 2000 Server running Norton Antivirus. It was found and quarantined.
> Brgds,
> Riwan

I see eicar.com is not detected, but eicar.com.txt and eicar_com.zip are.

Gary V
Re: [Clamav-users] eicar.com
Gary V wrote:
> > > I read in the FAQ of the clamwin that we should try to download eicar.com and see if the clamwin and clamav detect it as a virus. However, both of my Clamav and Clamwin did not detect it.
> > > I am using:
> > > X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on puffy.mcojaya.com
> > > Clamd version 0.88.2
> > > and I always update them with freshclam.
> > > In my windows I use clamwin 0.88.2.3 and use the same main.cvd and daily.cvd.
> > > What happen?
> > > Brgds,
> > > Riwan
> >
> > How did you test for it?
> >
> > dp
>
> Yes, usually when it is not detected it is because the text string is placed in the body of an email with text or whitespace in front of it. The string must be the first thing in the body of the message - nothing in front of it. Another reason is the "virus" has been cleaned by antivirus software either on an enterprise gateway server or desktop or other antivirus software before clamav sees the virus. If it is an email message that you are diagnosing then make sure when you receive the message in your inbox that the eicar text string is still present (and was there when you sent the message).
>
> Gary V

I think in this case it was not brought to the OP's system by way of email. That requires an extra step to force a scan and that is either by way of cron, Winclam scheduling, or manually. It isn't clear from the message that any of these has happened.

dp
Re: [Clamav-users] eicar.com
> > I read in the FAQ of the clamwin that we should try to download eicar.com and see if the clamwin and clamav detect it as a virus. However, both of my Clamav and Clamwin did not detect it.
> > I am using:
> > X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on puffy.mcojaya.com
> > Clamd version 0.88.2
> > and I always update them with freshclam.
> > In my windows I use clamwin 0.88.2.3 and use the same main.cvd and daily.cvd.
> > What happen?
> > Brgds,
> > Riwan
>
> How did you test for it?
>
> dp

Yes, usually when it is not detected it is because the text string is placed in the body of an email with text or whitespace in front of it. The string must be the first thing in the body of the message - nothing in front of it. Another reason is the "virus" has been cleaned by antivirus software either on an enterprise gateway server or desktop or other antivirus software before clamav sees the virus. If it is an email message that you are diagnosing then make sure when you receive the message in your inbox that the eicar text string is still present (and was there when you sent the message).

Gary V
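[Added example, not part of any list message and not ClamAV or ClamTk code.] The replies above suggest two reasons a test file can stop matching: the copy was altered (for instance after a quarantine/restore round trip), or something sits in front of the string. This script checks a file's bytes against the EICAR test-file definition (68 bytes at offset 0, optional trailing whitespace, at most 128 bytes in total); the label names are chosen for this example.

```python
import hashlib
import sys

# The 68-byte EICAR test string, built from two pieces so that this source
# file does not itself match a scanner's EICAR signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Trailing bytes the EICAR definition tolerates: space, tab, LF, CR, Ctrl-Z.
ALLOWED_TAIL = set(b" \t\n\r\x1a")
MAX_LEN = 128  # maximum total file length in the EICAR definition


def classify(data: bytes) -> str:
    """Return a label (names chosen for this example) describing the file."""
    if data == EICAR:
        return "exact"
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TAIL for b in tail):
            return "trailing-whitespace-ok"
        return "bad-tail"
    if EICAR in data:
        # Present but not at offset 0: the "text or whitespace in front" case.
        return "leading-data"
    # Truncated, re-encoded, cleaned upstream, or never there.
    return "missing-or-altered"


if __name__ == "__main__":
    # Usage: python eicar_check.py restored_copy fresh_download
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        digest = hashlib.sha256(data).hexdigest()
        print(f"{path}: {classify(data)} ({len(data)} bytes, sha256 {digest})")
```

Running it on both the restored file and a fresh download shows whether the two copies differ in length or digest before the scanner is involved at all.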
Re: [Clamav-users] eicar.com
riwanlky wrote:
> I read in the FAQ of the clamwin that we should try to download eicar.com and see if the clamwin and clamav detect it as a virus. However, both of my Clamav and Clamwin did not detect it.
> I am using:
> X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on puffy.mcojaya.com
> Clamd version 0.88.2
> and I always update them with freshclam.
> In my windows I use clamwin 0.88.2.3 and use the same main.cvd and daily.cvd.
> What happen?
> Brgds,
> Riwan

How did you test for it?

dp