clamAV not detecting eicar

[gableoley]

I've followed all instruction but something is wrong with clamav (ClamAV 0.96.3).

Thanks in advance for your help

Freebsd FreeBSD 8.1 i386

mail# clamscan eicar_com.zip
eicar_com.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 842631
Engine version: 0.96.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 11.261 sec (0 m 11 s)

 

[AndyUKG]

This wouldn't seem to have anything to do with FreeBSD. It seems either the latest definitions for Clam AV don't detect this virus (in which case you can submit your sample on the clam av site for them to evaluate for inclusion in a future definitions update) or you have not updated your virus definitions (which you would do via the freshclam command or daemon).

thanks Andy.

 

[OH]

Working fine here.

You have zip and/or unzip installed? Make sure you do and then rebuild clamav. There are some configuration options, so do a # make config before you start the build and make sure you have all the "archives support" selected, which in my opinion is good practice anyway.

 

[gableoley]

Yep they're installed. I also followed freebsdrocks qmail installation instructions about selecting in 'make config', could it be something about the version?

 

[gableoley]

I reinstalled it and it's working now, thanks.

 

[SirDice]

It seems either the latest definitions for Clam AV don't detect this virus (in which case you can submit your sample on the clam av site for them to evaluate for inclusion in a future definitions update) or you have not updated your virus definitions (which you would do via the freshclam command or daemon).

You seem to misunderstand what eicar is. Eicar is a test to see if a virusscanner works. It's a special file that every virusscanner can and must detect. A virusscanner handles it like it would a real live virus. But all without the dangers of actually having to handle real live viruses.

http://en.wikipedia.org/wiki/EICAR_test_file

 

[gableoley]

eicar

Yes, I know what eicar is and what it is for. I was testing clamAV with eicar because it is the classic test to see if it is working.

Well, ClamAv is working now, but sending eicar through a mail server doesn't detect it. Hmm, maybe it is the qmail-scanner.

Testing...

 

[DutchDaemon]

SirDice wasn't even responding to you, gableoley. However, I am, and I would like you to read and act on this: Posting and Editing in the FreeBSD Forums II: spelling, grammar, punctuation, etc., because your previous post needed about 10 edits to become 'normal' English.

 

[gableoley]

I'm sorry about that DutchDaemon, I reply before thinking about it. I will take more care in my English writing. Thanks for correcting me (I'm not an english speaker)

For everyone else this is the error I'm getting.

X-Antivirus-xxx.com-1.25-st-qms: Process 3916 closed, parent process died

And thanks for this great forum created to help each other.