[clamav-users] ClamAV not picking up Eicar file...
Colin Rogers
colinrogers001 at gmail.com
Wed Aug 30 18:40:47 UTC 2017
I also get signature found when I run clamscan against the file but not
when going through icap. I can see in my c-icap/access.log file that clam
considers the file good to go:
ubuntu-icap:~$ clamscan eicar.com.txt
eicar.com.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.843 sec (0 m 9 s)
ubuntu-icap:~$ tail -f /var/log/c-icap/access.log
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
On Wed, Aug 30, 2017 at 11:37 AM, Alain Zidouemba <azidouemba at sourcefire.com> wrote:
> $ wget http://www.eicar.org/download/eicar.com.txt
> --2017-08-30 14:35:48-- http://www.eicar.org/download/eicar.com.txt
> Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
> Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 68 [application/octet-stream]
> Saving to: 'eicar.com.txt'
>
> eicar.com.txt
> 100%[=======================================================
> ===================================================>]
> 68 --.-KB/s in 0s
>
> 2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68]
>
> $ shasum -a 256 eicar.com.txt
> 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f  eicar.com.txt
>
> $ clamscan eicar.com.txt
> *eicar.com.txt: Eicar-Test-Signature FOUND*
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 15.420 sec (0 m 15 s)
>
>
> On Wed, Aug 30, 2017 at 1:59 PM, Colin Rogers <colinrogers001 at gmail.com>
> wrote:
>
> > Hello Steve,
> >
> > Thank you for getting back to me about this. I can definitely open a bug
> > for this but I would like to make sure it is an actual bug and not a
> > misconfiguration on my part somehow. This was working before so I don't
> > understand why it isn't working any longer. Is there anything I can provide
> > to try and troubleshoot this before opening a bug? This is the exact file:
> >
> > http://www.eicar.org/download/eicar.com.txt
> >
> > I have renamed it, tried the other files on that page, etc etc to no avail.
> >
> > I have attached my squidclamav.conf and clamd.conf files in case I have
> > missed something in those files.
> >
> > Thanks again,
> >
> > Colin
> >
> > On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan <smorgan at sourcefire.com>
> > wrote:
> >
> > > Colin,
> > >
> > > Please open a bug report @ bugzilla.clamav.net. In the report, please
> > > attach the exact eicar files that you are using.
> > >
> > > Steve
> > >
> > > On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers <colinrogers001 at gmail.com>
> > > wrote:
> > >
> > > > Hello everyone,
> > > >
> > > > I am having some trouble getting my clamav setup to detect infected files
> > > > suddenly. I have downloaded various eicar test files and each one is let
> > > > through clamav without any issues. I'm pretty new to this but would greatly
> > > > appreciate some assistance.
> > > >
> > > > Please let me know what I can provide to get to the bottom of this.
> > > >
> > > > Thank you in advance,
> > > >
> > > > Colin
> > > >
> > > _______________________________________________
> > > clamav-users mailing list
> > > clamav-users at lists.clamav.net
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
>
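Added example, not part of the original thread: clamscan loads the signature database itself, so a FOUND result from it says nothing about the clamd daemon that sits behind the ICAP service. The sketch below submits a file to clamd directly with the INSTREAM command and parses the verdict. It assumes clamd listens on a Unix socket (LocalSocket in clamd.conf) and that the ICAP service hands content to that same clamd; the function names are this example's own.

```python
import socket
import struct

CHUNK = 4096  # bytes per INSTREAM chunk (arbitrary choice for this example)

def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build a complete clamd INSTREAM request for `data`."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        # Each chunk is prefixed with its length as a 4-byte big-endian integer.
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw: bytes):
    """Return (verdict, detail) from a reply such as b'stream: X FOUND\\0'."""
    text = raw.rstrip(b"\0\n").decode("ascii", "replace")
    _, _, rest = text.partition(": ")
    if rest == "OK":
        return ("clean", None)
    if rest.endswith(" FOUND"):
        return ("infected", rest[:-len(" FOUND")])
    return ("error", text)  # e.g. size limit exceeded, or an unexpected reply

def scan_via_clamd(data: bytes, sock_path: str):
    """Send `data` to clamd over its Unix socket and return the parsed verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(sock_path)
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            buf = s.recv(4096)
            if not buf:
                break
            reply += buf
    return parse_reply(reply)

if __name__ == "__main__":
    import sys
    # Usage: <script> <file> <socket path taken from LocalSocket in clamd.conf>
    with open(sys.argv[1], "rb") as fh:
        print(scan_via_clamd(fh.read(), sys.argv[2]))
```

If this reports the test file as infected while the proxied download still passes, the gap lies between the proxy, c-icap and squidclamav rather than in clamd or its signatures.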