[Avcheck] Problem (what else?)

Michael Tokarev avcheck list <avcheck@list.innominate.org>
Tue, 28 Aug 2001 03:49:39 +0400


"Milan P. Stanic" wrote:
> 
[]
> > Note the text in eicar.msg -- I created this file especially to be
> > recognized by avpdaemon (with proper .com extension and content-type
> > things).  And it *is* recognized.  And it will be recognized in zipped
> > form as well, again, with proper mime/uuencode/... things.
>                             ^^^^^^^^^^^
> That is it. If I send it as application/octet-stream it is detected, but
> not if text/plain or as text in the message body. Strange, but the source
> of the problem is found.

;)  Well, those comments of mine inside eicar.msg were there for a long
time, and they were there for a purpose...  I'm glad you see where the
problem was.

> But, I must ask again: Is it worth using if it can detect a virus only in
> certain types of messages?

If a MUA (that is, Mail User Agent) will not recognize the file as
something that can be executed, then why should an antivirus recognize it?
Ok, this is questionable, but folks at Kaspersky labs decided to
detect eicar only when sent as application/octet-stream and only
with a .com extension.  I spent some time finding out how to "properly"
attach that file to be detectable by AvpDaemon.  Note that even
if I set content-type=text/plain, Outlook will try to execute a
file anyway if it has a .com extension!  Not all versions of it, but
still...

Regards,
 Michael.
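
Added example, not part of the original message or of avcheck: a Python sketch that builds the EICAR test string into the message shapes discussed above (body text, text/plain vs. application/octet-stream, .com vs. .txt filename, zipped), so each can be fed to a mail scanner to see which carriers it actually covers. The addresses, variant names and helper functions are constructed for illustration; how a message is handed to the scanner is left out.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# 68-byte EICAR test string, split so on-access AV does not quarantine this file.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def _zipped(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def _message(subject, body):
    msg = EmailMessage()
    msg["From"] = "tester@example.org"        # constructed addresses
    msg["To"] = "scanner-test@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

def build_variants():
    """Return {name: EmailMessage}, one per way of carrying the test string."""
    text = EICAR.decode("ascii")
    out = {"body-text-plain": _message("body-text-plain", text)}
    binary = {  # name: (payload, MIME subtype under application/, filename)
        "octet-stream-com": (EICAR, "octet-stream", "eicar.com"),
        "octet-stream-txt": (EICAR, "octet-stream", "eicar.txt"),
        "zip-com": (_zipped("eicar.com", EICAR), "zip", "eicar.zip"),
    }
    for name, (data, subtype, fname) in binary.items():
        out[name] = _message(name, "test message")
        out[name].add_attachment(data, maintype="application",
                                 subtype=subtype, filename=fname)
    out["text-plain-com"] = _message("text-plain-com", "test message")
    out["text-plain-com"].add_attachment(text, subtype="plain", filename="eicar.com")
    return out

def carriers(msg):
    """(content-type, filename) of each leaf part whose decoded payload holds EICAR."""
    wire = message_from_bytes(msg.as_bytes(), policy=policy.default)  # as a scanner sees it
    found = []
    for part in wire.walk():
        data = b"" if part.is_multipart() else part.get_payload(decode=True)
        if part.get_content_type() == "application/zip":
            data = zipfile.ZipFile(io.BytesIO(data)).read("eicar.com")
        if EICAR in data:
            found.append((part.get_content_type(), part.get_filename()))
    return found
```

Comparing the scanner's verdict per variant against what carriers() reports shows which content-type and filename combinations the gateway does not inspect.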