On 2007-05-21 07:26, Benoit Schmid wrote:
> Good morning,
>
> When I run a clamscan on a folder containing emails with different viruses,
> there is an eicar that is not detected.
>
> Would you know why?

Because the file below is not a mail message.

>
> The file starts after this line:
> t;1179497094
> p;3
> *;4
> u;FILTER_DISCARD
> c;tcp_intranet
> (;TCP|129.194.9.224|25|129.194.16.24|46422
> );SMTP/a
> s;a ([129.194.16.24])
> h;<[EMAIL PROTECTED]>
> m;
> d;20
> *;36
> j;rfc822
> f;[EMAIL PROTECTED]
> @mbox.unige.ch:[EMAIL PROTECTED]
> Boundary_(ID_FlUaFePoptV3h07KbhxMAQ)
> Received: from a ([129.194.16.24])
> by victor.unige.ch (Sun Java(tm) System Messaging Server 6.3-0.15
> (built Feb
> 9 2007)) with ESMTP id <[EMAIL PROTECTED]> for
> [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Fri,
> 18 May 2007 16:04:54 +0200 (MEST)
> Date-warning: Date header was inserted by victor.unige.ch
> Date: Fri, 18 May 2007 16:04:53 +0200 (MEST)
> Message-id: <[EMAIL PROTECTED]>
> To: Undisclosed recipients: ;
>
> [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
> Boundary_(ID_FlUaFePoptV3h07KbhxMAQ)

When extracting the lines between the "\x01\x02Boundary" and saving them in
a file, that file is flagged with EICAR.

-- 
Paul Bijnens, xplanation Technology Services
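The extraction step described in the reply above, as an added example that is not part of the original message or of ClamAV. It assumes the marker line begins with the bytes `\x01\x02Boundary` and is repeated verbatim to close the message; the function name and the sample data are constructed for illustration.

```python
import sys

# Assumption from the reply above: the marker line starts with the bytes
# \x01\x02 followed by "Boundary", and the same line closes the message.
MARKER_PREFIX = b"\x01\x02Boundary"

# Constructed sample in the shape of the quoted queue file (not real data):
# envelope records, marker line, RFC 822 message, marker line.
SAMPLE = (
    b"t;1179497094\n"
    b"u;FILTER_DISCARD\n"
    b"j;rfc822\n"
    b"\x01\x02Boundary_(ID_constructedSample)\n"
    b"Date: Fri, 18 May 2007 16:04:53 +0200 (MEST)\n"
    b"To: Undisclosed recipients: ;\n"
    b"\n"
    b"CONSTRUCTED-BODY-PLACEHOLDER\n"
    b"\x01\x02Boundary_(ID_constructedSample)\n"
)


def extract_message(raw: bytes) -> bytes:
    """Return the message bytes between the opening marker line and its repeat."""
    lines = raw.splitlines(keepends=True)
    marks = [i for i, line in enumerate(lines) if line.startswith(MARKER_PREFIX)]
    if not marks:
        raise ValueError("no marker line found: not a queue file of this shape")
    marker = lines[marks[0]].rstrip(b"\r\n")
    # The closing marker must match the opening one exactly, not just the prefix.
    closing = next(
        (i for i in marks[1:] if lines[i].rstrip(b"\r\n") == marker), None
    )
    if closing is None:
        raise ValueError("closing marker missing: queue file may be truncated")
    return b"".join(lines[marks[0] + 1:closing])


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script QUEUE_FILE OUTPUT_FILE
        with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
            dst.write(extract_message(src.read()))
    else:
        print(extract_message(SAMPLE).decode("ascii"))
```

The output file holds only the RFC 822 message, so it can be passed to clamscan in place of the raw queue file.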
