Hi Martin,
On the console all is OK, clamscan detects eicar.zip as a test file.
In the amavis log I find this:
Jul 4 17:41:53 mail amavis[1362]: (01362-01) run_av (ClamAV-clamd) result: /var/amavis/tmp/amavis-20120704T174152-01362-FZFRqVwJ/parts: OK\n
Jul 4 17:41:53 mail amavis[1362]: (01362-01) run_av (ClamAV-clamd): CLEAN
Jul 4 17:41:53 mail amavis[1362]: (01362-01) run_av (ClamAV-clamd) result: clean
Is it correct that it passes? As you said, it's a test file and not a virus.
On 04.07.2012 17:01, Mark Martinec wrote:
Marko,
I installed amavis 2.7.1 on my Gentoo box.
I used the amavisd.conf that comes with the Gentoo ebuild.
It detects banned files as expected.
But it doesn't detect the eicar text in the mail body,
and it doesn't detect the eicar test files eicar.zip & eicar2.zip.
I am not very familiar with the amavis conf file.
In earlier days, with 2.6.5, it worked out of the box.
Can you help me find what's wrong in the config?
Raise the log level and see how decoding, and file type
detection goes. Perhaps the eicar.com pattern was not
the only thing in a mail body (e.g. wrapped, signature,
html, ...). I also heard that some virus scanners
report this pattern as a test pattern and not as
infected. Check first that your eicar file is detected
as a virus by a command line version of your virus scanner.
Mark