On 2016-05-22 12:14:29 [+0200], Sebastian Andrzej Siewior wrote:
> Ah. You scan for the eicar sample. Okay. So you try to do something like
> we do in [0] ? Because that shouldn't work:
> |$ sigtool -lbytecode.cvd
> |BC.Win32.Patched.User32
> |BC.PDF.{JS.HighEntropy}
> |BC.ClamAV-Test-File-detected-via-bytecode.{}
> |ClamAV-Test-File
> |Internal-Test-Signature
>
> since I don't see the "Eicar-Test-Signature" in it. So if you use the
> bytecode.cvd from the clamav test-repo you have to test against the files
> in the testfiles package.
> If this is what you plan then I could a file like sample.cvd which is
> the bytecode.cvd with the 5 signatures.
*ping*
> [0] https://sources.debian.net/src/clamav/0.99.2%2Bdfsg-2/debian/tests/clamd/
Sebastian
