I thought I'd see what happens when an incoming email contains a virus. I found several mentions of eicar, so I went to their site and downloaded the files. However, trying to send these from either a hotmail or mobileme account didn't work as hotmail won't attach the files and mobileme will send but the email never arrives (guess Apple has AV filter).
I found a website (
Send EICAR Test E-Mail to Check Reability of Your Anti-Virus E-Mail Protection) that can send you the eicar files. I tried these two:
Quote:
Clean notification e-mail (to confirm that all your test mails were send as your mail protection software should filter them out)
eicar.com (standard anti-virus test file, recomented for usual test of your e-mail anti-virus protection)
|
The first one I receive because it's just an email, but the second one never arrives. I looked in clamd.log, mailbox.log and zimbra.log and nothing.
However, when I try sending this one:
Quote:
|
eicarpasswd.zip (new! - zip compressed eicar.com with password)
|
I receive the email and can see that the zip file has been detected as a virus and is quarantined!
Is there some intermediary that is stopping the email from the site with eicar.com?
Also, do I manually need to clear the /opt/zimbra/data/amavisad/quarantine folder or is there a cron job that does it?
EDIT: Just found the cronjob that clears the folder everyday at 01:00.
Bugzilla
Wiki
Source
Question about eicar AV test 
Linear Mode
