[clamav-users] ClamAV not picking up Eicar file...
Colin Rogers
colinrogers001 at gmail.com
Thu Aug 31 16:03:03 UTC 2017
Hello,
Thank you for the advice. I set that up and saw files being added to the
directory I specified. Scans on those files did not trigger anything. I
then tried the eicarcom2.zip file and that did show as an infected file. It
also showed as infected when I scanned it in the temp directory.
Seems like its not my config but possibly something else. I appreciated the
help and should be able to move forward from here.
Thanks again,
Colin
On Wed, Aug 30, 2017 at 2:06 PM, Steven Morgan <smorgan at sourcefire.com>
wrote:
> Colin,
>
> Is it possible that icap has changed the file in some way? Is it possible
> to set up a test to verify what is sent to ClamAV?
>
> You could also try using the clamd.conf parameters LeaveTemporaryFiles and
> TemporaryDirectory. Then run your file through your squidclamav
> configuration and inspect the file(s) left in the temporary directory.
> Hopefully, it will contain a file that looks something like the eicar. If
> nothing is left there, try it with eicar inside of a zip file.
>
> Steve
>
> On Wed, Aug 30, 2017 at 2:40 PM, Colin Rogers <colinrogers001 at gmail.com>
> wrote:
>
> > I also get signature found when I run clamscan against the file but not
> > when going through icap. I can see in my c-icap/access.log file that clam
> > considers the file good to go:
> >
> > ubuntu-icap:~$ clamscan eicar.com.txt
> > eicar.com.txt: Eicar-Test-Signature FOUND
> >
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 6303395
> > Engine version: 0.99.2
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 1
> > Data scanned: 0.00 MB
> > Data read: 0.00 MB (ratio 0.00:1)
> > Time: 9.843 sec (0 m 9 s)
> >
> >
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list