installed amavis 2.7.1 on gentoo. problem detecting eicar files.
Marko Weber
weber at zackbummfertig.de
Wed Jul 4 17:47:35 CEST 2012
Hi Martin,
On the console all is OK; clamscan detects eicar.zip as a test file.
In the amavis log I find this:
Jul 4 17:41:53 mail amavis[1362]: (01362-01) run_av (ClamAV-clamd) result: /var/amavis/tmp/amavis-20120704T174152-01362-FZFRqVwJ/parts: OK\n
Jul 4 17:41:53 mail amavis[1362]: (01362-01) run_av (ClamAV-clamd): CLEAN
Jul 4 17:41:53 mail amavis[1362]: (01362-01) run_av (ClamAV-clamd) result: clean
Is it correct that it passes? As you said, it's a test file and not a virus.
On 04.07.2012 17:01, Mark Martinec wrote:
> Marko,
>
>> I installed amavis 2.7.1 on my Gentoo box.
>> I used the amavisd.conf that comes with the Gentoo ebuild.
>> It detects banned files as expected.
>> But it doesn't detect the eicar text in the mail body,
>> and it doesn't detect the eicar test files eicar.zip & eicar2.zip.
>>
>> I am not very familiar with the amavis conf file.
>> In earlier days, with 2.6.5, it worked out of the box.
>>
>> Can you help me find what's wrong in the config?
>
> Raise the log level and see how decoding, and file type
> detection goes. Perhaps the eicar.com pattern was not
> the only thing in a mail body (e.g. wrapped, signature,
> html, ...). I also heard that some virus scanners
> report this pattern as a test pattern and not as
> infected. Check first that your eicar file is detected
> as a virus by a command line version of your virus scanner.
>
> Mark
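
Added example, not part of the thread: the log above shows amavis getting its verdict from the clamd daemon (ClamAV-clamd), while the console check used clamscan, so Mark's advice to test the scanner directly can also be applied to clamd itself. This Python script sends a file to clamd with the INSTREAM command and parses the reply; the socket path is an assumption and should match LocalSocket in clamd.conf.

```python
import socket
import struct
import sys

# Assumption: adjust to the LocalSocket value in your clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.sock"
CHUNK = 8192


def instream_frames(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build a clamd INSTREAM request: command, length-prefixed chunks, zero terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))                     # zero length ends the stream
    return b"".join(out)


def parse_reply(reply: bytes):
    """Map a clamd reply such as 'stream: OK' or '<path>: OK' to (verdict, detail)."""
    text = reply.decode("utf-8", "replace").strip("\0\r\n ")
    _, _, status = text.partition(": ")
    if status == "OK":
        return ("clean", None)
    if status.endswith(" FOUND"):
        return ("infected", status[:-len(" FOUND")])
    return ("error", status or text)


def scan_with_clamd(data: bytes, path: str = CLAMD_SOCKET):
    """Send data to the running clamd over its Unix socket and return the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(path)
        s.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            buf = s.recv(4096)
            if not buf:
                break
            reply += buf
    return parse_reply(reply)


if __name__ == "__main__":
    # Usage: python3 clamd_check.py eicar.zip
    with open(sys.argv[1], "rb") as fh:
        print(scan_with_clamd(fh.read()))
```

If this reports the file as clean while clamscan flags it, the difference lies in the daemon (its configuration or signature database) rather than in amavisd.conf.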