[Mimedefang] quick heads up: tampered zip passes viruscheck

Mark admin at asarian-host.net
Fri Oct 22 05:50:45 EDT 2004


Matthew.van.Eerde at hbinc.com wrote:

> -----Original Message-----
> From: Jan Pieter Cornet [mailto:johnpc at xs4all.nl]
> This came by on the clamav mailinglist, and it went straight through
> both of my virus scanners built into mimedefang:
>
> http://www.xs4all.nl/~johnpc/eicar-hidden2.zip
>
> It's a tampered .zip file which includes a copy of EICAR. You might
> want to test how your virus scanners handle it. At least "zip" from
> InfoZip unpacks it, albeit with a warning, producing a "real"
> virus (EICAR).

Hmm, Kaspersky Lab. AntiVirus 3.0 (for FreeBSD) does not detect it either.
:( And Zip 2.3 (also for FreeBSD) unpacks to eicar.com without even so much
as an error.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx




More information about the MIMEDefang mailing list