So we're 6 months on and I've tried ASSP w/ClamAV on Windows, Ubuntu and now Debian. ClamAV doesn't seem to work 'as expected' on any setup. NOTE: I am not using the Sanesecurity signatures.
>From http://www.aleph-tec.com/eicar/index.php I send all 7 EICAR email tests. >Of those, only 3 hit my mail server (no idea what's going on there). Of those >3, none of them are detected as a virus/eicar test. My next-level AV, >however, detects them just fine. However, if I copy the test text and paste it into an email message, ASSP detects it successfully. It seems like ClamAV in ASSP can't detect EICAR in attachments. Seems to defeat the purpose of AV if you assume that same logic applies to legitimate virii. Can anyone confirm my findings or suggest a fix? Thanks, Alex -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of James Brown Sent: Sunday, August 10, 2008 11:03 PM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: Re: [Assp-user] EICAR Test Emails Not Being Detected ASSP's log will show something like this: Aug-11-08 08:18:43 id-06722-15989 211.29.132.183 <[email protected] > to: [email protected] PB-Message-Score is 45, added 45 (virus detected: 'Email.Scam4.Gen1251.Sanesecurity.08030415') clamd.log will show: Mon Aug 11 08:18:43 2008 -> stream 2007: Email.Scam4.Gen1251.Sanesecurity.08030415 FOUND Hope this helps, James. On 11/08/2008, at 12:57 PM, Alex Davidson wrote: > Can anyone confirm or deny this? > > Can someone share what an ASSP/ClamAV-logged virus detection looks > like? > > -----Original Message----- > From: [email protected] > [mailto:[email protected] > ] On Behalf Of Micheal Espinola Jr > Sent: Saturday, August 09, 2008 11:18 PM > To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy > Subject: Re: [Assp-user] EICAR Test Emails Not Being Detected > > Alex Davidson wrote: >> Are other people seeing ClamAV detect Eicar successfully? > > Its been a while since I've done this - but don't you have to use/ > create a custom signature file for performing the EICAR test with > ClamAV? ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
