[clamav-users] EICAR file problems

Nymblewyke nymblewyke at compuserve.com
Tue Oct 3 14:13:06 UTC 2017


Here are some details. Seems like it should work, just trying to find the log to see if there is an issue.


I tried what you tried:


[/]# echo 'X50!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > eicar.text
[/]# clamscan eicar.text
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
eicar.text: OK

----------- SCAN SUMMARY -----------
Known viruses: 6303705
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 8.035 sec (0 m 8 s)

clamd.log

Tue Sep 26 12:00:42 2017 -> +++ Started at Tue Sep 26 12:00:42 2017
Tue Sep 26 12:00:42 2017 -> Received 0 file descriptor(s) from systemd.
Tue Sep 26 12:00:42 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Sep 26 12:00:42 2017 -> Log file size limited to 2097152 bytes.
Tue Sep 26 12:00:42 2017 -> Reading databases from /usr/local/share/clamav
Tue Sep 26 12:00:42 2017 -> Not loading PUA signatures.
Tue Sep 26 12:00:42 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Sep 26 12:01:00 2017 -> Loaded 6303705 signatures.
Tue Sep 26 12:01:01 2017 -> LOCAL: Unix socket file /tmp/clamd.socket
Tue Sep 26 12:01:01 2017 -> LOCAL: Setting connection queue length to 200
Tue Sep 26 12:01:01 2017 -> Limits: Global size limit set to 104857600 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: File size limit set to 26214400 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: Recursion level limit set to 16.
Tue Sep 26 12:01:01 2017 -> Limits: Files limit set to 10000.
Tue Sep 26 12:01:01 2017 -> Limits: Core-dump limit is 0.
Tue Sep 26 12:01:01 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue Sep 26 12:01:01 2017 -> Limits: MaxPartitions limit set to 50.
Tue Sep 26 12:01:01 2017 -> Limits: MaxIconsPE limit set to 100.
Tue Sep 26 12:01:01 2017 -> Limits: MaxRecHWP3 limit set to 16.
Tue Sep 26 12:01:01 2017 -> Limits: PCREMatchLimit limit set to 10000.
Tue Sep 26 12:01:01 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
Tue Sep 26 12:01:01 2017 -> Limits: PCREMaxFileSize limit set to 26214400.
Tue Sep 26 12:01:01 2017 -> Archive support enabled.
Tue Sep 26 12:01:01 2017 -> Algorithmic detection enabled.
Tue Sep 26 12:01:01 2017 -> Portable Executable support enabled.
Tue Sep 26 12:01:01 2017 -> ELF support enabled.
Tue Sep 26 12:01:01 2017 -> Mail files support enabled.
Tue Sep 26 12:01:01 2017 -> OLE2 support enabled.
Tue Sep 26 12:01:01 2017 -> PDF support enabled.
Tue Sep 26 12:01:01 2017 -> SWF support enabled.
Tue Sep 26 12:01:01 2017 -> HTML support enabled.
Tue Sep 26 12:01:01 2017 -> XMLDOCS support enabled.
Tue Sep 26 12:01:01 2017 -> HWP3 support enabled.
Tue Sep 26 12:01:01 2017 -> Self checking every 600 seconds.
Tue Sep 26 12:01:01 2017 -> Listening daemon: PID: 763
Tue Sep 26 12:01:01 2017 -> MaxQueue set to: 100
Tue Sep 26 12:01:01 2017 -> ScanOnAccess: notifying only for access attempts.
Tue Sep 26 12:01:01 2017 -> ScanOnAccess: Protecting '/' and rest of mount.
Tue Sep 26 12:01:01 2017 -> ScanOnAccess: Max file size limited to 5242880 bytes
Tue Sep 26 12:11:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 12:21:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 12:31:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 12:41:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 12:51:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 13:01:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 13:11:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 13:21:01 2017 -> SelfCheck: Database status OK.
Tue Sep 26 13:31:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 13:41:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 13:51:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 14:01:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 14:11:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 14:21:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 14:31:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 14:41:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 14:51:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 15:01:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 15:11:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 15:21:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 15:31:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 15:41:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 15:51:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 16:01:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 16:11:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 16:21:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 16:31:02 2017 -> SelfCheck: Database status OK.
Tue Sep 26 16:41:03 2017 -> SelfCheck: Database status OK.
Tue Sep 26 16:51:03 2017 -> SelfCheck: Database status OK.
Tue Sep 26 17:01:03 2017 -> SelfCheck: Database status OK.
Tue Sep 26 17:11:03 2017 -> SelfCheck: Database status OK.
Tue Sep 26 17:21:03 2017 -> SelfCheck: Database status OK.

-----Original Message-----
From: Anssi Johansson <clamav at miuku.net>
To: clamav-users <clamav-users at lists.clamav.net>
Sent: Tue, Oct 3, 2017 7:42 am
Subject: Re: [clamav-users] EICAR file problems

Nymblewyke wrote on 3.10.2017 at 13.20:
> Trying to trigger ClamAV with an EICAR file for a test. The file reacts on a Windows machine, but on a Red Hat machine using ClamAV there is no trigger at all. We are using the standard EICAR text file. Any thoughts on where to look for details on why it might not be triggering?

How are you testing? This works for me (beware of word wraps):

$ echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > eicar.com

$ clamscan eicar.com
eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6304475
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 8.476 sec (0 m 8 s)
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
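
The two echo commands quoted in this thread are not byte-identical: the string that scanned as OK has the digit 0 as its third character, while the one reported as Eicar-Test-Signature has the letter O. The script below is an added example, not part of the original messages; `check_eicar` is a hypothetical helper that compares a file against the 68-character test string and applies the EICAR specification's trailer rule (only whitespace or Ctrl-Z may follow, 128 bytes at most in total).

```shell
#!/bin/sh
# Added example, not from the thread: check that a file really is the EICAR
# test file before concluding that the scanner missed it.

# Reference string, split in two so this script is not itself detected.
EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR'
EICAR_B='-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
EICAR="${EICAR_A}${EICAR_B}"            # 68 ASCII characters

# check_eicar FILE (hypothetical helper)
# returns 0 = valid, 1 = wrong string, 2 = unreadable, 3 = bad trailer
check_eicar() {
    file=$1
    [ -r "$file" ] || { echo "$file: cannot read"; return 2; }
    got=$(head -c 68 "$file")
    if [ "$got" != "$EICAR" ]; then
        i=1
        while [ "$i" -le 68 ]; do       # find the first differing character
            want_c=$(printf '%s' "$EICAR" | cut -c "$i")
            got_c=$(printf '%s' "$got" | cut -c "$i")
            if [ "$want_c" != "$got_c" ]; then
                printf "%s: byte %d is '%s', expected '%s'\n" "$file" "$i" "$got_c" "$want_c"
                return 1
            fi
            i=$((i + 1))
        done
        echo "$file: first 68 bytes differ"; return 1
    fi
    # Trailer rule: only space, tab, CR, LF or Ctrl-Z may follow the string.
    size=$(wc -c < "$file" | tr -d ' ')
    extra=$(tail -c +69 "$file" | tr -d ' \t\r\n\032' | wc -c | tr -d ' ')
    if [ "$size" -gt 128 ] || [ "$extra" -ne 0 ]; then
        echo "$file: $size bytes, $extra non-whitespace bytes after the string"
        return 3
    fi
    echo "$file: valid EICAR test file ($size bytes)"
}

# Constructed demo: the reference string, and a copy with digit 0 for letter O.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' "$EICAR" > "$dir/eicar.com"
    printf '%s\n' "$EICAR" | sed 's/^X5O/X50/' > "$dir/typo.txt"
    check_eicar "$dir/eicar.com" || true
    check_eicar "$dir/typo.txt" || true
    rm -rf "$dir"
}

if [ "$#" -gt 0 ]; then check_eicar "$1"; else demo; fi
```

Run it with a file name to check that file, or with no arguments to see the constructed demo.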




