Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

2017-10-03 Thread Ralph Seichter
On 03.10.17 16:40, Anssi Johansson wrote: > if your virus scanner detected EICAR from my message, I dare to say > that it is broken. Check the headers in my message again, I was quoting a report generated for one of Nymblewyke's messages, not for yours. I know customer setups which will

Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

2017-10-03 Thread Matthew Molyett
A slight tangent, which I bring up since I have seen it discussed on Twitter: Clam AV will erroneously trigger on some specific EICAR false positives due to file normalization. The example that was being discussed at that time was a whitespace prepended file. Since the EICAR string is all

Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

2017-10-03 Thread Anssi Johansson
Ralph Seichter kirjoitti 3.10.2017 klo 17.33: A virus was found: {HEX}EICAR.TEST.10.UNOFFICIAL First upstream SMTP client IP address: [198.148.79.53]:24855 lists.clamav.net Received from: 198.148.79.53 < 127.0.0.1 < 204.29.186.62 < 172.26.252.15 < 10.76.1.211 < 149.32.192.35 Return-Path:

Re: [clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

2017-10-03 Thread Ralph Seichter
> A virus was found: {HEX}EICAR.TEST.10.UNOFFICIAL > > First upstream SMTP client IP address: [198.148.79.53]:24855 lists.clamav.net > Received from: 198.148.79.53 < 127.0.0.1 < 204.29.186.62 < 172.26.252.15 < > 10.76.1.211 < 149.32.192.35 > > Return-Path: