Thoughts about finding viruses in email inboxes

Matthew Flaschen matthew.flaschen at
Mon Mar 30 05:41:13 UTC 2009

Leonard Chatagnier wrote:
> Sorry, don't do scripting; don't understand it.

All it does is create four random files with the same size as EICAR.
You can cut and paste it into bash.

>> clamscan -i -r avtest wget -O
>> avtest/c clamscan -i -r avtest
>> It prints:
>> avtest/c: Eicar-Test-Signature FOUND
>> Of course, there are other clamav options you can use, but this one
>> is simple and in line with what you want.
> My options, above to answer your question, only contained an
> additional -v(verbose option) and the only output I had was that so
> many(a number) of viruses were found.

Using -v, I still see the virus printed out.  The overall command then is:

clamscan -vir avtest

In this case, the virus found is Eicar-Test-Signature, but I would
expect the same form of output for a real virus.

> BTW, clamav reports that version 0.95 is available but not in
> Intrepid/backports. Went to the listed faq url page and found nothing
> but source code and unapproved deb files for Ubuntu.  What should a
> Ubuntu user do if he can't compile(and doesn't want to learn how at
> his old age) to get the latest version of clamav.

File a bug (if you're sure there is one), and wait for it to make into
the main repo.  Other than that, I don't know what to tell you.  I see
no sign of this bug in the version in hardy backports.

Matt Flaschen

More information about the ubuntu-users mailing list