Hi
One of our clients uses a multiple vendor AV solution (clam included) and
has found an interesting scenario. They get sent signature updates and
fixes from NAI which are sent as a non-passworded zip file. The zip file
typically contains a single binary file and a text readme type file.
On Mon, 15 Mar 2004, Martin A. Brooks wrote:
; Part of the text file is a boilerplate set of instructions on how to make
; an EICAR test file. Clam detects this signature and marks the file as
; being infected. NAI and Norton AV do not.
;
; I'm undecided as to which action is correct and
At 20:02 15/03/2004, you wrote:
Clam's behaviour is incorrect because the Eicar test file page
(http://www.eicar.org/anti_virus_test_file.htm) states:
Any anti-virus product that supports the test file should detect it in any
file providing that the file starts with the following 68 characters,
On Mon, 15 Mar 2004 20:02:49 + (GMT)
Andy Fiddaman [EMAIL PROTECTED] wrote:
On Mon, 15 Mar 2004, Martin A. Brooks wrote:
; Part of the text file is a boilerplate set of instructions on how
to make; an EICAR test file. Clam detects this signature and marks
the file as; being
