On 2009-08-01 10:50, M Rajesh-B22236 wrote: > CLAM AV version we used is 0.94.2 > > I used Telnet client to send a mail with Eicar string in a file as > attachment. > > Expecting clamd to detect it as virus mail, but instead it returned as > clean mail. > > This is working fine with any email client, problem is coming by using > Telnet > > interface only. > > Following is the data that send to clamd for scanning; >
This is not an email, what email client opens it and displays the attachment properly? > Subject: > You are missing some headers here: From Content-Type: multipart/mixed; boundary="=-E6uObbGoQ4lkg+aYaH2/" If you add those, then clamav detects eicar, I don't see a problem here. > --=-E6uObbGoQ4lkg+aYaH2/ > > Content-Type: text/plain > > Content-Transfer-Encoding: 7bit > > > > > > --=-E6uObbGoQ4lkg+aYaH2/ > > Content-Disposition: attachment; filename=eicar.com > > Content-Type: text/plain; name=eicar.com; charset=us-ascii > > Content-Transfer-Encoding: 7bit > > x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* > > --=-E6uObbGoQ4lkg+aYaH2/-- > > . > > Can any one suggest reason for the above problem ? > > One guess is SMTP clients will also sends SMTP message headers like > From,To,Content-Type,Message-Id, Mime-Version,etc as part of data and > same is not the case for Telnet. > Does your mail server even accept the above mail? Which mail server is it? > But I think clamd should return error in case of any failures of SMTP > header parsing instead of sending it as clean mail. > That would lead to many false positives, not all emails follow the RFC standard. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
