Dear Andreas, With the command line you suggested it is detected as virus.
As soon as I add text before and after the EICAR signature, it is not detected anymore as virus. So I tested again with Thunderbird as mail client : same. Basically with the Eicar signature alone in the body, it is detected as virus. As soon as I add text on top of the Eicar signature, it passes through. Is it normal behavior ? cu Bruno Le 11/05/2020 à 17:24, Andreas Metzler a écrit : > On 2020-04-29 brunoc68 <bug...@abcreseau.com> wrote: > [...] >> Actually the virus filtering works, but only with the attachments. The >> issue is the body of the email that goes through with the eicar >> signature ; so I expect any html virus in the body can go through... > [...] > > Hello, > > Are you positive you are testing this correctly? > > swaks -s mail.server -f sender@address -t rcpt@adress --body 'X5O!P...' > > Replace X5O!P... with the full tests string from > https://en.wikipedia.org/wiki/EICAR_test_file > > cu Andreas
