Your message dated Tue, 12 May 2020 18:25:08 +0200
with message-id <[email protected]>
and subject line Re: Bug#959004: exim4-daemon-heavy: exiscan is missing EICAR 
signature in message body but finds it in attachment
has caused the Debian Bug report #959004,
regarding exim4-daemon-heavy: exiscan is missing EICAR signature in message 
body but finds it in attachment
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
959004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959004
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exim4-daemon-heavy
Version: 4.92-8+deb10u3
Severity: normal

Dear Maintainer,

   * What led up to the situation?

Installation of exim4-daemon-heavy with av_scanner = clamd

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

1. include EICAR virus signature in .txt or .zip attachment
2. include EICAR virus signature in message body

   * What was the outcome of this action?

1. mail refused at ACL time
2. mail accepted: message found as clean in clamd log

   * What outcome did you expect instead?

1. outcome ok
2. mail refused at ACL time




-- System Information:
Debian Release: 9.5
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.61
pn  exim4-base             <none>
ii  libc6                  2.24-11+deb9u3
ii  libdb5.3               5.3.28-12+deb9u1
ii  libgnutls-dane0        3.5.8-5+deb9u3
ii  libgnutls30            3.5.8-5+deb9u3
ii  libldap-2.4-2          2.4.44+dfsg-5+deb9u3
ii  libmariadbclient18     10.1.37-0+deb9u1
ii  libpam0g               1.1.8-3.6
ii  libpcre3               2:8.39-3
ii  libperl5.24            5.24.1-3+deb9u5
ii  libpq5                 9.6.17-0+deb9u1
ii  libsasl2-2             2.1.27~101-g0780600+dfsg-3+deb9u1
ii  libsqlite3-0           3.16.2-5+deb9u1

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

--- End Message ---
--- Begin Message ---
On 2020-05-12 brunoc68 <[email protected]> wrote:
[...]
> I got the same behavior with Thunderbird as with swaks: even in the
> command line, as soon as I had characters before and after the Eicar
> signature, the mail passes through the antivirus. I guess this should
> not be, at least it was not the case in the past.

Hello,

I have just verified that this is how clamav works:

ametzler@argenau:$ grep X5O /tmp/*mbox | sed -e s/X5O.*/X5O-restofEICAR/
/tmp/eicar.mbox:X5O-restofEICAR
/tmp/no-eicar.mbox:foo X5O-restofEICAR

(sid)ametzler@argenau:~$ clamscan /tmp/*.mbox
/tmp/eicar.mbox: Eicar-Signature FOUND
/tmp/no-eicar.mbox: OK

I am closing this exim bug report. If you have further questions please
consult a clamav support channel.

Have a nice day, cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- End Message ---
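
An added example, not part of the original thread and not exim or ClamAV code: the EICAR test-file definition only asks scanners to flag an object that starts with the 68-byte test string and is followed by nothing but whitespace, up to 128 bytes in total. The Python check below applies that rule to each decoded MIME part, which is consistent with the clamscan output above. The function names and sample messages are constructed for illustration, and treating each MIME part as a separately scanned object is an assumption.

```python
from email import message_from_bytes
from email.message import EmailMessage

# 68-byte EICAR test string, split in two so this file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PADDING = b" \t\r\n\x1a"  # the only trailing bytes the EICAR definition allows
MAX_LEN = 128             # total size limit from the same definition


def classify(data: bytes) -> str:
    """Return 'conforming', 'embedded' or 'absent' for one scanned object."""
    if EICAR not in data:
        return "absent"
    tail = data[len(EICAR):]
    if data.startswith(EICAR) and len(data) <= MAX_LEN and not tail.strip(PADDING):
        return "conforming"  # a scanner is expected to flag this
    return "embedded"        # string present, but detection is not required


def classify_message(raw: bytes) -> list:
    """Classify every leaf MIME part after transfer decoding (assumption:
    the scanner unpacks parts and scans each one as its own object)."""
    results = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_content_type(), classify(payload)))
    return results


def build_samples() -> dict:
    """Constructed test messages mirroring the cases in the thread."""
    head = b"From: a@example.org\r\nTo: b@example.org\r\nSubject: test\r\n\r\n"
    attached = EmailMessage()
    attached["Subject"] = "test"
    attached.set_content("see attachment")
    attached.add_attachment(EICAR, maintype="application",
                            subtype="octet-stream", filename="eicar.txt")
    return {
        "body_only": head + EICAR + b"\r\n",
        "body_prefixed": head + b"foo " + EICAR + b"\r\n",
        "attachment": bytes(attached),
    }


if __name__ == "__main__":
    for name, raw in build_samples().items():
        print(name, classify_message(raw))
```

A result of "embedded" for a test mail means the message does not meet the test-file definition, so a clean verdict from the scanner does not by itself indicate a broken av_scanner setup.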
