[Avcheck] Problem (what else?)
Ralf Hildebrandt
Ralf.Hildebrandt@innominate.com
Tue, 28 Aug 2001 09:12:43 +0200
On Mon, Aug 27, 2001 at 05:31:18PM +0200, Milan P. Stanic wrote:
> Is it possible? It detects ziped eicar but when I send it unziped
> it passes. But why?
Hey, I didn't code kavdaemon :)
> AvpDaemon detects eicar unziped, i.e. when I send it
> through the next command:
>
> /var/spool/avp/uchroot -u avpc / \
> /var/spool/avp/avcheck -n -f root -d /var/spool/avp/./tst \
> -s avp:/var/spool/avp/ctl/AvpCtl root < eicar.msg
But not encoded as mail. Remeber, a mail starts with headers!
Try this:
/var/spool/avp/avcheck -n -f root -d /var/spool/avp/./tst \
-s avp:/var/spool/avp/ctl/AvpCtl root < eicar.msg
where eicar.msg is a "real" mail message, e.g. with headers and
encoding etc.
--
Ralf.Hildebrandt@innominate.com innominate AG
+49.(0)30.308806-62 fax: -77 networking people
If M$ only employs the best programmers, how comes the programs are so bad?