[clamav-users] ClamAV not picking up Eicar file...
Steven Morgan
smorgan at sourcefire.com
Wed Aug 30 21:06:55 UTC 2017
Colin,
Is it possible that icap has changed the file in some way? Is it possible
to set up a test to verify what is sent to ClamAV?
You could also try using the clamd.conf parameters LeaveTemporaryFiles and
TemporaryDirectory. Then run your file through your squidclamav
configuration and inspect the file(s) left in the temporary directory.
Hopefully, it will contain a file that looks something like the eicar. If
nothing is left there, try it with eicar inside of a zip file.
Steve
On Wed, Aug 30, 2017 at 2:40 PM, Colin Rogers <colinrogers001 at gmail.com>
wrote:
> I also get signature found when I run clamscan against the file but not
> when going through icap. I can see in my c-icap/access.log file that clam
> considers the file good to go:
>
> ubuntu-icap:~$ clamscan eicar.com.txt
> eicar.com.txt: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 9.843 sec (0 m 9 s)
>
>
More information about the clamav-users
mailing list