I also get signature found when I run clamscan against the file but not when going through icap. I can see in my c-icap/access.log file that clam considers the file good to go:
ubuntu-icap:~$ clamscan eicar.com.txt eicar.com.txt: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 6303395 Engine version: 0.99.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 9.843 sec (0 m 9 s) ubuntu-icap:~$ tail -f /var/log/c-icap/access.log 30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200 30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200 30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200 30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200 30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200 30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200 30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200 30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200 30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200 30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200 On Wed, Aug 30, 2017 at 11:37 AM, Alain Zidouemba <[email protected] > wrote: > $ wget http://www.eicar.org/download/eicar.com.txt > --2017-08-30 14:35:48-- http://www.eicar.org/download/eicar.com.txt > Resolving www.eicar.org (www.eicar.org)... 213.211.198.62 > Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... > connected. > HTTP request sent, awaiting response... 200 OK > Length: 68 [application/octet-stream] > Saving to: 'eicar.com.txt' > > eicar.com.txt > 100%[======================================================= > ===================================================>] > 68 --.-KB/s in 0s > > 2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68] > > $ shasum -a 256 eicar.com.txt > 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f > eicar.com.txt > > $ clamscan eicar.com.txt > *eicar.com.txt: Eicar-Test-Signature FOUND* > > ----------- SCAN SUMMARY ----------- > Known viruses: 6303395 > Engine version: 0.99.2 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.00 MB > Data read: 0.00 MB (ratio 0.00:1) > Time: 15.420 sec (0 m 15 s) > > > On Wed, Aug 30, 2017 at 1:59 PM, Colin Rogers <[email protected]> > wrote: > > > Hello Steve, > > > > Thank you for getting back to me about this. I can definitely open a bug > > for this but I would like to make sure it is an actual bug and not a > > misconfiguration on my part somehow. This was working before so I dont > > understand why it isnt working any longer. Is there anything I can > provide > > to try and troubleshoot this before opening a bug? This is the exact > file: > > > > http://www.eicar.org/download/eicar.com.txt > > > > I have renamed it, tried the other files on that page, etc etc to no > avail. > > > > I have attached my squidclamav.conf and clamd.conf files in case I have > > missed something in those files. > > > > Thanks again, > > > > Colin > > > > On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan <[email protected]> > > wrote: > > > > > Colin, > > > > > > Please open a bug report @ bugzilla.clamav.net. In the report, please > > > attach the exact eicar files that you are using. > > > > > > Steve > > > > > > On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers < > [email protected]> > > > wrote: > > > > > > > Hello everyone, > > > > > > > > I am having some trouble getting my clamav setup to detect infected > > files > > > > suddenly. I have downloaded various eicar test files and each one is > > let > > > > through clamav without any issues. Im pretty new to this but would > > > greatly > > > > appreciate some assistance. > > > > > > > > Please let me know what I can provide to get to the bottom of this. > > > > > > > > Thank you in advance, > > > > > > > > Colin > > > > > > > _______________________________________________ > > > clamav-users mailing list > > > [email protected] > > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > > > > Help us build a comprehensive ClamAV guide: > > > https://github.com/vrtadmin/clamav-faq > > > > > > http://www.clamav.net/contact.html#ml > > > > > _______________________________________________ > > clamav-users mailing list > > [email protected] > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
