[Avcheck] eicar.com.txt not detected?
Michael Tokarev
mjt@tls.msk.ru
Sat, 16 Feb 2002 14:20:33 +0300
Piotr KUCHARSKI wrote:
>
> Hello,
>
> Playing with new setup of AVP + avcheck ( + postfix) I discovered
> such attachments:
>
> 1.
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment; filename="eicar.com.txt"
>
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
> 2.
> Content-Type: text/plain; charset=iso-8859-2;
> name="eicar.com"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline;
> filename="eicar.com"
>
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
> pass through kavdaemon/scanner undetected. Any ideas?
Change text/plain to application/octet-stream. There is no need to detect
eicar if comes as text.
Regards,
Michael.