[clamav-users] VIRUS ({HEX}EICAR.TEST.10.UNOFFICIAL) in mail FROM [198.148.79.53]

Anssi Johansson clamav at miuku.net
Tue Oct 3 14:40:46 UTC 2017


Ralph Seichter wrote on 3.10.2017 at 17.33:
>> A virus was found: {HEX}EICAR.TEST.10.UNOFFICIAL
>>
>> First upstream SMTP client IP address: [198.148.79.53]:24855 lists.clamav.net
>> Received from: 198.148.79.53 < 127.0.0.1 < 204.29.186.62 < 172.26.252.15 <
>>    10.76.1.211 < 149.32.192.35
>>
>> Return-Path: <clamav-users-bounces at lists.clamav.net>
>> From: Nymblewyke <nymblewyke at compuserve.com>
>> Sender: "clamav-users" <clamav-users-bounces at lists.clamav.net>
>> Message-ID: <15ee2954485-c0d-126e at webjas-vac032.srv.aolmail.net>
>> Subject: Re: [clamav-users] EICAR file problems
> 
> Sending virus samples (including EICAR) to public mailing lists is
> problematic. The lists are not testing grounds, and it can quickly
> earn you a blacklisting with various recipient organisations.

I agree, I understood this a few seconds after I sent my message. My 
apologies.

On the other hand, if your virus scanner detected EICAR from my message, 
I dare to say that it is broken. 
http://www.eicar.org/86-0-Intended-use.html says ".. should detect it in 
any file providing that the file starts with the following 68 
characters, and is exactly 68 bytes long". The message did not start 
with the EICAR string, and the message certainly wasn't 68 bytes long.

For reference, clamscan does not detect EICAR in these messages, and 
rightly so.
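
The distinction drawn in the message above, as an added example that is not part of the original post and is not ClamAV code: a substring search over the raw message compared with the rule quoted from the EICAR page, applied to each decoded MIME part. The function names and both sample messages are constructed for illustration; the trailing-whitespace allowance (up to 128 bytes in total) comes from the same EICAR page and is not quoted in the post.

```python
from email.message import EmailMessage

# Assembled from pieces so this source file does not itself contain the string.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-"
         + "ANTIVIRUS-TEST-FILE!" + "$H+H*").encode("ascii")
WHITESPACE = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z

def naive_match(data: bytes) -> bool:
    """Substring search: fires wherever the 68 characters appear."""
    return EICAR in data

def strict_match(data: bytes) -> bool:
    """Intended-use rule: data starts with the string and nothing but
    whitespace follows, with a total length of at most 128 bytes."""
    if not data.startswith(EICAR) or len(data) > 128:
        return False
    return all(b in WHITESPACE for b in data[len(EICAR):])

def strict_scan_message(msg: EmailMessage) -> list:
    """Apply strict_match to every decoded leaf part of a message."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if strict_match(body):
            hits.append(part.get_filename() or part.get_content_type())
    return hits

def quoted_reply() -> EmailMessage:
    """Constructed sample: the string quoted inside a text reply."""
    m = EmailMessage()
    m["Subject"] = "Re: EICAR file problems"
    m.set_content("The test string, quoted in a reply:\n" + EICAR.decode() + "\n")
    return m

def real_attachment() -> EmailMessage:
    """Constructed sample: the 68-byte test file as a base64 attachment."""
    m = EmailMessage()
    m["Subject"] = "test file attached"
    m.set_content("See attachment.\n")
    m.add_attachment(EICAR, maintype="application",
                     subtype="octet-stream", filename="eicar.com")
    return m

if __name__ == "__main__":
    for name, msg in (("quoted reply", quoted_reply()), ("attachment", real_attachment())):
        print(name, naive_match(msg.as_bytes()), strict_scan_message(msg))
```

The substring search flags the quoted reply and misses the base64-encoded attachment; the per-part strict check does the opposite.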


