[Avcheck] Undelivered Mail Returned to Sender (fwd)
Milan P. Stanic
mps@rns-nis.co.yu
Thu, 13 Feb 2003 17:00:11 +0100
On Thu, Feb 13, 2003 at 09:54:07AM -0200, Marcio Merlone wrote:
> Em Wed, 12 Feb 2003 22:37:13 +0100, "Milan P. Stanic"
> <mps@rns-nis.co.yu> escreveu:
>
> (...)
> > It has support for MIME in libclam, but it looks like it does not
> > work or I don't know how to prove it. In the README file they mention
> > MIME header but without explanation if that works.
> >
> > It detects eicar.txt in attachment but didn't catch eicar.zip, in
^^^^^^^^^
I should write: mail attachment base64 encoded, above.
> > my testing at least.
>
> According to their documentation, it has built-in support for RAR
> (2.0), Zip, Gzip.
I know
> My tests:
>
> [mmerlone@merlone clamav-0.54]$ clamscan -r --infected
> /home/mmerlone/src/clamav-0.54/test/test1: ClamAV-Test-Signature FOUND
> /home/mmerlone/src/clamav-0.54/test/test2.zip: ClamAV-Test-Signature
> FOUND/home/mmerlone/src/clamav-0.54/test/test3.rar:
> ClamAV-Test-Signature FOUND
> /home/mmerlone/src/clamav-0.54/message.eml: Exploit.IFrame
> FOUND
> /home/mmerlone/src/clamav-0.54/message.zip: Exploit.IFrame
> FOUND
> /home/mmerlone/src/clamav-0.54/message.tgz: Exploit.IFrame FOUND
I already did that with same results. And it can find virus in the
eicar.zip file, but can't if I send the same file as MIME message to
myself.
> But I did test with eicar.txt, zip and tgz and none where found... try
> with another virus to see what happens.
Good idea. I'll try, but if it can't detect eicar I think it isn't
for production use.
Milan