Bug#959004: exim4-daemon-heavy: exiscan is missing EICAR signature in message body but finds it in attachment
brunoc68
bugs01 at abcreseau.com
Tue May 12 07:49:08 BST 2020
Dear Andreas,
With the command line you suggested it is detected as virus.
As soon as I add text before and after the EICAR signature, it is not
detected anymore as virus.
So I tested again with Thunderbird as mail client : same.
Basically with the Eicar signature alone in the body, it is detected as
virus.
As soon as I add text on top of the Eicar signature, it passes through.
Is it normal behavior ?
cu Bruno
Le 11/05/2020 à 17:24, Andreas Metzler a écrit :
> On 2020-04-29 brunoc68 <bugs01 at abcreseau.com> wrote:
> [...]
>> Actually the virus filtering works, but only with the attachments. The
>> issue is the body of the email that goes through with the eicar
>> signature ; so I expect any html virus in the body can go through...
> [...]
>
> Hello,
>
> Are you positive you are testing this correctly?
>
> swaks -s mail.server -f sender at address -t rcpt at adress --body 'X5O!P...'
>
> Replace X5O!P... with the full tests string from https://en.wikipedia.org/wiki/EICAR_test_file
>
> cu Andreas
More information about the Pkg-exim4-maintainers
mailing list