Ralph Seichter wrote on 3.10.2017 at 17.33:
A virus was found: {HEX}EICAR.TEST.10.UNOFFICIAL

First upstream SMTP client IP address: [198.148.79.53]:24855 lists.clamav.net
Received from: 198.148.79.53 < 127.0.0.1 < 204.29.186.62 < 172.26.252.15 <
   10.76.1.211 < 149.32.192.35

Return-Path: <[email protected]>
From: Nymblewyke <[email protected]>
Sender: "clamav-users" <[email protected]>
Message-ID: <[email protected]>
Subject: Re: [clamav-users] EICAR file problems

Sending virus samples (including EICAR) to public mailing lists is
problematic. The lists are not testing grounds, and it can quickly
earn you a blacklisting with various recipient organisations.

I agree, I understood this a few seconds after I sent my message. My apologies.

On the other hand, if your virus scanner detected EICAR from my message, I dare to say that it is broken. http://www.eicar.org/86-0-Intended-use.html says ".. should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long". The message did not start with the EICAR string, and the message certainly wasn't 68 bytes long.

For reference, clamscan does not detect EICAR in these messages, and rightly so.
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
