- ... the file starts with the following 68 characters, and is exactly 68 bytes long: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z.
There was a previous discussion on this the day that the EICAR signature was apparently moved to the ignore list which caused the Clamav.Test.File-7 signature to begin identifying such files. After a few days the testfile signature was dropped, but nobody from the ClamAV signature staff ever commented to the discussion.See <https://www.mail-archive.com/clamav-users@lists.clamav.net/msg48483.html>Sent from my iPad-Al-On Feb 20, 2020, at 11:58, Chapman, John via clamav-users <clamav-users@lists.clamav.net> wrote:Hello,
With recent virus definition updates, we have noticed that the standard EICAR text files are intermittently not being flagged as having a virus. There is an existing bug report for this here: https://bugzilla.clamav.net/show_bug.cgi?id=12490. Has anyone else been experiencing this issue?
Thanks,
John Chapman
Sr. SDE @ Amazon
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml