[clamav-users] ClamAV+exim: scanner finds not a single malware

Groach groachmail-stopspammingme at yahoo.com
Sat May 28 16:21:30 UTC 2016 

In case you are wondering, and for fairness of evaluation, here are the 
files, and their dates:


C:\Users\User>dir "Z:\ACCESS tests\VIRUSES-take_care_DO_NOT_RUN" /o:d
  Volume in drive Z is DATAPART1
  Volume Serial Number is C4AC-61ED

  Directory of Z:\ACCESS tests\VIRUSES-take_care_DO_NOT_RUN

18/06/2004  16:26                68 eicar.com
01/08/2014  11:02             9,645 Ar01_Annual_Return.zip
01/08/2014  11:12            10,623 Incident_6256120.zip
24/09/2014  13:40            49,152 contention_111924953056769_6STQZ57.txt
24/09/2014  13:40            49,152 contention_111924953056769_6STQZ57.exe
24/09/2014  21:13            32,440 contention_111924953056769_6STQZ57.rar
30/09/2014  12:58            33,816 order_20140930_56311643656.zip
02/11/2015  15:19           103,936 PORDER.DOC
02/11/2015  19:30            36,556 PORDER.7z
03/11/2015  12:05             7,543 IMPORTANT NOTICE.eml
03/11/2015  12:06           141,973 New Purchase Order for  CTY TM PHUC 
LOC TNHH.eml
03/11/2015  12:07             3,140 New Monthly estatement is ready - 
MBNA.eml
04/11/2015  21:59            31,601 Purchase Order 0000035394.7z
07/01/2016  14:19             7,349 Asia_Cn domain name & Internet 
Keyword.eml
07/01/2016  14:19             9,008 Remittance Advisory Email.eml
07/01/2016  14:19            13,554 SPAM filter not applied (  Fwd  BUY 
CILAIS & VIGARA -73% Discount! 1 day shipping!).em
07/01/2016  14:19            25,392 [SPAM] [5.2] Missed package delivery.eml
07/01/2016  14:19           292,225 [SPAM] [5.7] Remittance Advice for 
407.74 GBP.eml
15/01/2016  09:19           254,976 NA8T3OCYI2W8.doc
30/01/2016  20:41             2,336 Inflame your impulse to maximum_POP.eml
24/02/2016  22:34             2,262 invoice_copy_20162743.zip
07/04/2016  09:49           168,379 7193113168.doc
07/04/2016  09:49           182,289 6615166920.doc
26/05/2016  08:09           124,610 4_218_66.dot
28/05/2016  18:14    <DIR>          .
28/05/2016  18:14    <DIR>          ..
               24 File(s)      1,592,025 bytes
                2 Dir(s)  193,649,790,976 bytes free


-----------------  ORIGINAL MESSAGE  -----------

24 files, ALL OF THEM are viruses of some sort or another (including 1 
which is the eicar test virus).

ClamAV database:


----------- SCAN SUMMARY -----------
Known viruses: 4397481
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 24
**Infected files: 10**

Data scanned: 5.27 MB
Data read: 1.48 MB (ratio 3.57:1)
Time: 15.429 sec (0 m 15 s)

--------------------------------------
Completed
--------------------------------------

10.  Just 10.  Out of 24.  And these are all OLD viruses (minimum 2 
months old except 1).


But with SANE DEFINITIONS:

----------- SCAN SUMMARY -----------
Known viruses: 4512349
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 24
**Infected files: 23**

Data scanned: 3.92 MB
Data read: 1.48 MB (ratio 2.65:1)
Time: 17.409 sec (0 m 17 s)

--------------------------------------
Completed
--------------------------------------

Says it all really.  I leave you to make your own conclusions.





On 28/05/2016 16:00, G.W. Haywood wrote:
> Hi there,
>
> On Mon, 23 May 2016, C.D. Cochrane wrote:
>
>> ... ClamAV is just ...
>
> and on Mon, 23 May 2016, Joel Esler wrote:
>
>> Obviously going to disagree. ...
>
> I'll disagree too, since ClamAV here sees approximately one virus per
> annum (and as far as I'm concerned, whether or not ClamAV detects the
> virus that it sees is really not an issue).  For some explanation see
>
> http://marc.info/?l=clamav-users&m=141245133506824&w=2
>

More information about the clamav-users mailing list