ClamWin Free Antivirus :: View topic - AV testfiles from www.eicar.org are not all detected!

Posted: Tue Oct 17, 2006 11:10 pm

Hi,

I downloaded the latest version of Clamwin (0.88.5). Updated the virus definitions.

Wanted to check if the test files from EICAR were detected by Clamwin.
https://www.eicar.org/anti_virus_test_file.htm

They are not all detected as viruses and they should...

Is it normal?

Posted: Wed Oct 18, 2006 2:03 am

Are you sure you have a working main database ?

Code:

C:\ei\eicar.com: Eicar-Test-Signature FOUND
C:\ei\eicar.com.txt: Eicar-Test-Signature FOUND
C:\ei\eicarcom2.zip: Eicar-Test-Signature FOUND
C:\ei\eicar_com.zip: Eicar-Test-Signature FOUND

Posted: Wed Oct 18, 2006 2:49 am

How do I check the integrity of the main database?

thx.

Posted: Wed Oct 18, 2006 4:17 am

clamwin does it for you when it starts

Posted: Wed Oct 18, 2006 5:17 am

also the presence of both main/daily and since eicar is in main this is very strange indeed

Posted: Wed Oct 18, 2006 3:17 pm

ClamWin detected all four EICARs for me on my Win 98 machine--just like AVG did, but, of course, ClamWin took about twice as long. ClamWin couldn't detect the first file after AVG had quarantined and renamed it. I believe this was caused by AVG's renaming or saving it in quarrantine as a different (nonexecutable perhaps )file type. This made me wonder if ClamWin was looking for the name--instead of the signature. Funn thing though... ClamWin was able to detect the other three files as quarrantined/renamed in the AVG quarrantine folder.

So if you're running another antivirus program alongside ClamWin, I suggest you disable it while you are testing ClamWin on EICAR.

Take the raw data from the file that ClamWin couldn't find and copy/save it with Notepad as an executable file (com/exe,bin, bat--etc.) and see what happens. That raw data should be in ClamWin's virus database.

Regards,