ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
AV testfiles from www.eicar.org are not all detected!
moontheloon


Joined: 17 Oct 2006
Posts: 2
Location: Montreal
Reply with quote
Hi,

I downloaded the latest version of Clamwin (0.88.5). Updated the virus definitions.

Wanted to check if the test files from EICAR were detected by Clamwin.
http://www.eicar.org/anti_virus_test_file.htm

They are not all detected as viruses and they should...

Is it normal?
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 898
Location: Italy
Reply with quote
Are you sure you have a working main database ?
Code:
C:\ei\eicar.com: Eicar-Test-Signature FOUND
C:\ei\eicar.com.txt: Eicar-Test-Signature FOUND
C:\ei\eicarcom2.zip: Eicar-Test-Signature FOUND
C:\ei\eicar_com.zip: Eicar-Test-Signature FOUND
View user's profileSend private message
main database
moontheloon


Joined: 17 Oct 2006
Posts: 2
Location: Montreal
Reply with quote
How do I check the integrity of the main database?

thx.
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
clamwin does it for you when it starts
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 898
Location: Italy
Reply with quote
also the presence of both main/daily and since eicar is in main this is very strange indeed
View user's profileSend private message
Some EICARs Not Found By ClamWin
GuitarBob


Joined: 09 Jul 2006
Posts: 4511
Location: USA
Reply with quote
ClamWin detected all four EICARs for me on my Win 98 machine--just like AVG did, but, of course, ClamWin took about twice as long. ClamWin couldn't detect the first file after AVG had quarantined and renamed it. I believe this was caused by AVG's renaming or saving it in quarrantine as a different (nonexecutable perhaps )file type. This made me wonder if ClamWin was looking for the name--instead of the signature. Funn thing though... ClamWin was able to detect the other three files as quarrantined/renamed in the AVG quarrantine folder.

So if you're running another antivirus program alongside ClamWin, I suggest you disable it while you are testing ClamWin on EICAR.

Take the raw data from the file that ClamWin couldn't find and copy/save it with Notepad as an executable file (com/exe,bin, bat--etc.) and see what happens. That raw data should be in ClamWin's virus database.

Regards,
View user's profileSend private message
AV testfiles from www.eicar.org are not all detected!
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic