[Clamav-devel] ClamAv not detecting data when sent as file from curl

Brandon Perry bperry.volatile at gmail.com
Thu Jul 16 11:42:17 EDT 2015


The body of the HTTP request in the first is only the EICAR file (though
the 44 and 0 on different lines is odd), but the body of the multi-part
form request is like embedding the EICAR file into different data (ClamAV
doesn't know what a multi-part form is). The multi-part form is no longer
just the EICAR test file, so the signature won't find it.



On Thu, Jul 16, 2015 at 10:32 AM, P K <pkopensrc at gmail.com> wrote:

> Hi Guys,
>
> I am trying to send EICAR data to ClamAv by two ways:
>
> *1.  By sending eicher file data as POST data  -> Virus Detected*
>
> *    command ->  curl -X POST -d @eicar.com.txt http://localhost/test.html
> <http://localhost/test.html>*
>
>      POST /abcd.html HTTP/1.1
>      User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
> OpenSSL/1.0.1  zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>      Accept: */*
>      Content-Length: 68
>      Content-Type: application/x-www-form-urlencoded
>
>       44
>      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>       0
>
> 2. *When i send same with file -> Virus Not Detected*
>
>      *command -> curl -i -F name=eicar.com.txt -F filedata=@eicar.com.txt*
> *http://localhost/test.html <http://localhost/test.html>*
>
>       POST / HTTP/1.1
>       User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
> OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>       Accept: */*
>       Content-Length: 369
>       Expect: 100-continue
>       Content-Type: multipart/form-data;
> boundary=----------------------------221b58daed79
>
>       171
>       ------------------------------221b58daed79
>      Content-Disposition: form-data; name="name"
>
>      eicar.com.txt
>      ------------------------------221b58daed79
>      Content-Disposition: form-data; name="filedata";
> filename="eicar.com.txt"
>      Content-Type: text/plain
>
>      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>      ------------------------------221b58daed79--
>       0
>
> Any suggestions what i am missing?
>
> Thanks
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website


More information about the clamav-devel mailing list