[clamav-users] Failing eicarcom2.zip test after recent DB update

Al Varnell alvarnell at mac.com
Sat Feb 8 06:56:08 UTC 2020


A bit of a guess on my part, but since the hash values for both signatures are identical, normally only the first one encountered would be reported.

Looks like daily-25717 added one signature to the ignore list, which is where my guess that it was “Eicar-Test-Signature” comes in. That would cause the second signature to be the one now reported.

Maybe the signature staff can comment on if and why Eicar is now ignored, and if it is allowed to continue, perhaps you’ll need to modify your code tests somehow.

Sent from my iPad

-Al-

> On Feb 7, 2020, at 22:44, WagdeZ via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> 
> The eicarcom2.zip was always identified with:
> LibClamAV debug: FP SIGNATURE: 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
> but for some reason after the last DB update:
> main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
> daily.cvd is up to date (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
> bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
> it is recognized as:
> LibClamAV debug: FP SIGNATURE: 44d88612fea8a8f36de82e1278abb02f:68:Clamav.Test.File-7
> and it causes some failure in my code tests
> What am I missing?
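One way to keep a test independent of which signature name gets reported, as an added example (not code from the thread or from ClamAV): it parses the `FP SIGNATURE` debug lines quoted above and matches on the MD5 and size instead of the name. The function names are hypothetical, and the `CLEAN` sample is constructed.

```python
import re

# Layout of the debug line quoted in the thread: md5:size:signature-name
FP_SIG = re.compile(
    r"^LibClamAV debug: FP SIGNATURE: "
    r"(?P<md5>[0-9a-f]{32}):(?P<size>\d+):(?P<name>\S+)$"
)

# Hash and size of the test file, copied from the debug lines in the thread.
EICAR_MD5 = "44d88612fea8a8f36de82e1278abb02f"
EICAR_SIZE = 68

# The two debug lines from the thread (before and after daily 25717).
BEFORE = ("LibClamAV debug: FP SIGNATURE: "
          "44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature\n")
AFTER = ("LibClamAV debug: FP SIGNATURE: "
         "44d88612fea8a8f36de82e1278abb02f:68:Clamav.Test.File-7\n")
# Constructed sample: a different file hash and a truncated line.
CLEAN = ("LibClamAV debug: FP SIGNATURE: "
         "00000000000000000000000000000000:12:Some.Other.Sig\n"
         "LibClamAV debug: FP SIGNATURE: 44d88612:68\n")


def parse_fp_signatures(output):
    """Return (md5, size, name) for each well-formed FP SIGNATURE line."""
    hits = []
    for line in output.splitlines():
        m = FP_SIG.match(line.strip())
        if m:  # malformed or unrelated lines are skipped
            hits.append((m["md5"], int(m["size"]), m["name"]))
    return hits


def detected_as(output, md5=EICAR_MD5, size=EICAR_SIZE):
    """Signature names reported for the file with this md5 and size."""
    return [name for h, s, name in parse_fp_signatures(output)
            if h == md5.lower() and s == size]


def eicar_detected(output):
    """True if the test file was flagged, whatever the signature is called."""
    return bool(detected_as(output))


if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER), ("clean", CLEAN)):
        print(label, eicar_detected(out), detected_as(out))
```

A test written against `eicar_detected()` passes for both lines in the thread; `detected_as()` still exposes the name if a test wants to log it.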



