Test #17: Eicar virus hidden using the "CR Vulnerability" (attachment can be
opened by all versions of Microsoft Outlook and Outlook Express)
It is not a virus so I think the Vulnerability test of Declude should catch
it.
Oh well it comes through our system as well.
Regards, Kami
I plucked the SMD files for #17 out of the queue and manually ran mcaffee on it, with the "Same" flags that declude calles and my result is this:
-------
Scanning C: []
Scanning C:\virus\DF1F0000901860D8F.SMD
C:\virus\Df1f0000901860d8f.SMD\eicar.com ... Found: EICAR test file NOT a virus.
Summary report on C:\virus\DF1F0000901860D8F.SMD
File(s)
Total files: ........... 2
Clean: ................. 1
Possibly Infected: ..... 1
Time: 00:00.00
---------
Which SHOWS there is a virus, But declude Doesn't pick it up, My local POP3 Scanner
also failes to catch it, but if I save the "EML" to my desktop, my On Demand scanner detects
it.
Also, Outlook Express failes to show it as an Attachment.
It appears the "X" attachments that declude appends to the header are messing with the test.
--- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
