From owner-freebsd-questions Mon May 20 8:55:19 2002 Delivered-To: freebsd-questions@freebsd.org Received: from tonnant.cnchost.com (tonnant.concentric.net [207.155.248.72]) by hub.freebsd.org (Postfix) with ESMTP id CB61037B40A for ; Mon, 20 May 2002 08:55:13 -0700 (PDT) Received: from win98 ([208.176.51.227]) by tonnant.cnchost.com id LAA23429; Mon, 20 May 2002 11:55:10 -0400 (EDT) [ConcentricHost SMTP Relay 1.14] From: "Raja Velu" To: "'Jason Taylor'" Cc: Subject: RE: Question on testing UVSCAN Date: Mon, 20 May 2002 10:52:24 -0500 Message-ID: <005c01c20016$5ba7cf80$1d00a8c0@www.micronetusa.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal In-reply-to: <20020520152844.GH3128@uk2.kanda-systems.net> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > > I used this test file (eicar.com) to test whether I > installed UVSCAN > > > > correctly. I get the following output for 'uvscan -v eicar.com': > > > > > > My output is: > > > > > > -rw-r--r-- 1 jason jason 69 Oct 5 2000 EICAR.COM > > > MD5 (EICAR.COM) = 69630e4574ec6798239b091cda43dca0 > > > /data/home/jason/important/EICAR.COM > > > > My output looks like this: > > > > -rw-r--r-- 1 root users 68 May 20 09:33 EICAR.COM > > MD5 (EICAR.COM) = a5eb4a9756016b6f39f70cf9ab49b2a5 > > > > Should the MD5 output be identical to yours? Also, my byte > size is only 68 > > bytes. I am still using only an evaluation copy. I am not > sure if that could > > be an issue. Pl let me know if any of the differences you see are > > significant. > > I've got a carriage return on mine which explains why mine is > one byte larger. When I correct this the MD5 checksum is > still different to yours. It looks like you have not created > the file properly. > > I'll zip up my EICAR.COM and e-mail it to you offlist. > > Jason. Your file was right. I was missing a hyphen in my file. Thanks for sending it out. Now, I got a bounced reply from amavis saying it found the EICAR test file virus. Also, as it always happens, I found a couple of detections of the "W32/Klez.h@MM" virus almost simultaneously, thus confirming that my setup is indeed working fine. Thanks again for your assistance. Raja To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message