[clamav-users] Failing eicarcom2.zip test after recent DB update
Al Varnell
alvarnell at mac.com
Tue Feb 11 04:58:38 UTC 2020
Yes, I think we all knew most of that from the OP. Is "Sample ID 33522083" an internal reference number of some sort and exactly what is being researched?
I think the only question remaining is why is the "Eicar-Test-Signature" now being ignored?
-Al-
On Mon, Feb 10, 2020 at 11:01 AM, David Raynor wrote:
> So the "testfile" is Sample ID 33522083, which is 44d88612fea8a8f36de82e1278abb02f and 68 bytes. Researching.
>
> Dave R.
>
> On Sat, Feb 8, 2020 at 1:57 AM Al Varnell via clamav-users <clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>> wrote:
> A bit of a guess on my part, but I since the hash values for both signatures are identical, normally only the first one encountered would be reported.
>
> Looks like daily-25717 added one signature to the ignore list, which is where my guess that it was “Eicar-Test-Signature” comes in. That would cause the second signature to be the one now reported.
>
> Maybe the signature staff can comment on if and why Eicar is now ignored and if it is allowed to continue perhaps you’ll need to modify your code tests somehow.
>
> Sent from my iPad
>
> -Al-
>
> > On Feb 7, 2020, at 22:44, WagdeZ via clamav-users <clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>> wrote:
> >
> >
> > The eicarcom2.zip was always identified with:
> > LibClamAV debug: FP SIGNATURE: 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
> > but for some reason after the last DB update:
> > main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
> > daily.cvd is up to date (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
> > bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
> > it is recognizded as:
> > LibClamAV debug: FP SIGNATURE: 44d88612fea8a8f36de82e1278abb02f:68:Clamav.Test.File-7
> > and it causes some failure in my code tests
> > What am I missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200210/45c207c7/attachment.htm>
More information about the clamav-users
mailing list