http://tools.declude.com/ seems to do the trick if you send a plain text 
attachment or a non-password protected zip.
ClamAV passed with flying colors using those 2.

No doubt the other tests failed because ASSP can't open the password-protected 
zips to scan them!


From: Erland Møller [mailto:[email protected]]
Sent: Friday, February 06, 2009 1:52 AM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] EICAR Test Emails Not Being Detected

Alex Davidson wrote:

So we're 6 months on and I've tried ASSP w/ClamAV on Windows, Ubuntu and now 
Debian.

ClamAV doesn't seem to work 'as expected' on any setup.

NOTE: I am not using the Sanesecurity signatures.



From http://www.aleph-tec.com/eicar/index.php I send all 7 EICAR email tests.
Of those, only 3 hit my mail server (no idea what's going on there).  Of those
3, none of them are detected as a virus/eicar test.  My next-level AV,
however, detects them just fine.



However, if I copy the test text and paste it into an email message, ASSP 
detects it successfully.

It seems like ClamAV in ASSP can't detect EICAR in attachments.  Seems to 
defeat the purpose of AV if you assume that same logic applies to legitimate 
viruses.



Can anyone confirm my findings or suggest a fix?



Thanks,

Alex



-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of James Brown
Sent: Sunday, August 10, 2008 11:03 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] EICAR Test Emails Not Being Detected



ASSP's log will show something like this:



Aug-11-08 08:18:43 id-06722-15989 211.29.132.183 <[email protected]> to: [email protected] PB-Message-Score is 45, added 45 (virus detected: 'Email.Scam4.Gen1251.Sanesecurity.08030415')



clamd.log will show:



Mon Aug 11 08:18:43 2008 -> stream 2007: Email.Scam4.Gen1251.Sanesecurity.08030415 FOUND



Hope this helps,



James.





On 11/08/2008, at 12:57 PM, Alex Davidson wrote:





Can anyone confirm or deny this?



Can someone share what an ASSP/ClamAV-logged virus detection looks like?



-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
Sent: Saturday, August 09, 2008 11:18 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] EICAR Test Emails Not Being Detected



Alex Davidson wrote:



Are other people seeing ClamAV detect Eicar successfully?



It's been a while since I've done this - but don't you have to use/create
a custom signature file for performing the EICAR test with ClamAV?





I seem to have the same result; of the 7 tests I only receive 3:
the first message without virus, eicarpasswrd.zip and eicarpasswdocr.zip.
None of them tagged as virus and no mention of the other mails in the ASSP 
logfile.

So the next step was trying to reproduce it. I sent the test mails to two other 
e-mail accounts I have without ASSP or other anti-virus/anti-spam software.
I only received 3 emails. Seems like eicar only sends 3 mails.

I sent a mail with a question about this to Oleg Titov and will keep you 
informed.

Erland.
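
The cases discussed in this thread (EICAR in the message body, in a plain-text attachment, in an ordinary zip and in a password-protected zip), as an added Python example that is not from the thread and is not ASSP or ClamAV code. The `scan` function is a hypothetical stand-in for a content scanner, and the "password-protected" zip is a constructed sample in which only the encryption flag is set.

```python
import io, zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Standard EICAR test string, split in two so this file is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode()

def make_zip(password_flag=False):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", EICAR)
    data = bytearray(buf.getvalue())
    if password_flag:
        # Constructed stand-in for a password-protected zip: set the
        # "encrypted" bit (bit 0) of the central directory flags field.
        data[data.rindex(b"PK\x01\x02") + 8] |= 0x1
    return bytes(data)

def make_message(kind):
    msg = EmailMessage()
    msg.set_content(EICAR.decode() if kind == "body" else "see attachment")
    if kind == "text":
        msg.add_attachment(EICAR.decode(), filename="eicar.txt")
    elif kind != "body":
        msg.add_attachment(make_zip(kind == "zip-password"), maintype="application",
                           subtype="zip", filename="eicar.zip")
    return msg.as_bytes()

def scan(raw):
    """Return 'detected', 'unscannable' or 'clean' for one raw message."""
    verdict = "clean"
    for part in message_from_bytes(raw).walk():
        data = part.get_payload(decode=True) or b""   # None for multipart containers
        if not zipfile.is_zipfile(io.BytesIO(data)):
            if EICAR in data:
                return "detected"
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:      # encrypted member: contents are opaque
                    verdict = "unscannable"
                elif EICAR in zf.read(info):
                    return "detected"
    return verdict

RESULTS = {k: scan(make_message(k)) for k in ("body", "text", "zip", "zip-password")}
```

Treating "unscannable" as its own verdict, instead of folding it into "clean", is what lets a mail filter apply a separate policy to encrypted archives.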