Looks like I can't attach files here? Anyway, I tried with the Leave Temp file option enabled, and below is the temp file content. I actually removed the virus signature in case it causes trouble.
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="authorization"
l9lujbf8pm96budl9qewplci3dic6+0f1to5up7suyuf1dvepdi6dfygp34x2a7g
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="entrantgivenname"
lenore hubbard
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="entrantfamilyname"
alyssa todd
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="entrantage"
10
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="entrantschool"
sunt perspiciatis quia tempore qui adi
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="title"
mrs.
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="givenname"
fatima galloway
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="familyname"
fitzgerald romero
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="email"
[email protected]
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="phone"
04000000010
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="address"
aut et debitis occaecat velit itaque recusandae ea laborum quis beatae labore exercitationem ut anim quo voluptatem
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="suburb"
consectetur consequatur tempore ut voluptatum consequatur nulla ad aut molestiae est velit qui mollitia vel
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="postcode"
2394
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="state"
nsw
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="agree"
on
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="g-recaptcha-response"
03ahj_vuuaecmen-_mvccrjnykob9dm5voahl3hii57h9bhjezc_iwfhmgmcgeidjckrgibwh8r
3ua3dzjxu8s9nwxs5byf0adzml1n3_qwzgiyivq3vrngi-xeu7kh-aju1iw92bn1gstua1wg1vq
bwkm4vsf8ganh2s218utmxqv7h5_fhk2cc7wqddogztxf5xsoao8npux4-5il29xnx1gaoriuwj
crap5umb5-bnm16xd3fily76d8q_9u5daxrrvtitw9oagke-gdics5j-vlkd0yqowlj3loenucx
wxplbbvdvk3yzwofnty4in73lb5lxi9hb7bqbybozlye-dr-jwsmik4q
------webkitformboundaryegau8ptirxvetss4
content-disposition: form-data; name="attachment"; filename="eicar.com.png"
content-type: image/png
<VIRUS SIGNATURE>
------webkitformboundaryegau8ptirxvetss4--

Manoj Ramakrishnan
DevOps Engineer | POS | P +61 2 8918 5906 | M 0416 128 308

On 13/02/15 5:20 PM, "Manoj Ramakrishnan" <[email protected]> wrote:

>Hi,
>
>I have a clamd(0.98.5) + cicap(0.3.5) + squidclamav(6.12) +
>squid(3.1.14) on a RHEL5 box. We use this as a virus scanner for
>scanning the files uploaded through a web form. It doesn't seem to work
>if I upload a png file. Actually the png file is just the "eicar.com" file,
>but I renamed it to "eicar.com.png" because the form only accepts .png
>files.
>
>But it works beautifully when I upload the
>"eicarcom2.zip<http://www.eicar.org/download/eicarcom2.zip>" file
>(renamed to .png).
>
>We did an strace on the clamd PID and found that,
>
>
> 1. When I upload the eicar.com.png file it writes the tmp file with
>all HTML headers (including all the form field values) and the multipart
>part. Then it scans it and returns the stream OK result.
> 2. When I upload the zip file it correctly extracts the zip file from
>the HTML POST request and creates the tmp file using just the
>multipart data only. So it works.
>
>In case #1 I find there are two requests going to clamd; it creates two
>tmp files, scans both, and no virus is found.
>In case #2 it only creates one file and finds the virus.
>
>I am not sure whether this is something to do with the other components,
>c-icap or squidclamav or squid.
>
>
>See attached files for the relevant part in strace for both cases.
>
>Regards
>Manoj Ramakrishnan
>DevOps Engineer | POS | P +61 2 8918 5906 | M 0416 128 308
>_______________________________________________
>Help us build a comprehensive ClamAV guide:
>https://github.com/vrtadmin/clamav-faq
>
>http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
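
The temp file in the message above holds the whole multipart/form-data body, form fields included. The following is an added example, not part of the original post or of any of the tools it names, showing how such a body can be split into its parts so that the uploaded file's bytes can be handed to a scanner on their own. The function name, boundary, field values and payload marker are constructed placeholders.

```python
from email import message_from_bytes
from email.policy import default

# Constructed sample request body modelled on the temp file in the post.
# BOUNDARY and PAYLOAD are placeholders, not values from a real request.
BOUNDARY = "----WebKitFormBoundaryEXAMPLE"
PAYLOAD = b"<UPLOADED FILE BYTES>"
SAMPLE_BODY = b"\r\n".join([
    b"--" + BOUNDARY.encode(),
    b'Content-Disposition: form-data; name="entrantage"',
    b"",
    b"10",
    b"--" + BOUNDARY.encode(),
    b'Content-Disposition: form-data; name="attachment"; filename="eicar.com.png"',
    b"Content-Type: image/png",
    b"",
    PAYLOAD,
    b"--" + BOUNDARY.encode() + b"--",
    b"",
])


def split_form_data(body: bytes, boundary: str):
    """Parse a multipart/form-data body into (fields, files).

    fields maps name -> text value.
    files maps name -> (filename, declared content type, raw bytes).
    """
    # The MIME parser needs the Content-Type header that HTTP carried separately.
    header = ('Content-Type: multipart/form-data; boundary="%s"\r\n'
              "MIME-Version: 1.0\r\n\r\n" % boundary).encode()
    msg = message_from_bytes(header + body, policy=default)
    if not msg.is_multipart():
        raise ValueError("body does not match the given boundary")
    fields, files = {}, {}
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        data = part.get_payload(decode=True) or b""
        filename = part.get_filename()
        if filename is None:
            fields[name] = data.decode("utf-8", "replace")
        else:
            # Filename and Content-Type are client-supplied labels;
            # the raw bytes are what should be passed to the scanner.
            files[name] = (filename, part.get_content_type(), data)
    return fields, files


if __name__ == "__main__":
    _, uploaded = split_form_data(SAMPLE_BODY, BOUNDARY)
    for name, (filename, ctype, data) in uploaded.items():
        print(name, filename, ctype, len(data), "bytes to scan")
```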
