
Testing ClamAV



From a remote machine that is allowed to access clamd, use clamd-stream-client with the ClamAV test virus files. The test virus files are built when compiling ClamAV. See http://www.clamav.net/download/third-party-tools/3rdparty-misc

kjw-1:clamav-0.97-test-files kieranwhitbread$ for virus in clam*; do echo "$virus: $(clamd-stream-client -d clamd.example.com < $virus )"; done
clam-aspack.exe: ClamAV-Test-File
clam-fsg.exe: ClamAV-Test-File
clam-mew.exe: ClamAV-Test-File
clam-nsis.exe: ClamAV-Test-File
clam-pespin.exe: ClamAV-Test-File
clam-petite.exe: ClamAV-Test-File
clam-upack.exe: ClamAV-Test-File
clam-upx.exe: ClamAV-Test-File
clam-v2.rar: ClamAV-Test-File
clam-v3.rar: ClamAV-Test-File
clam-wwpack.exe: ClamAV-Test-File
clam-yc.exe: ClamAV-Test-File
clam.7z: ClamAV-Test-File
clam.arj: ClamAV-Test-File
clam.bin-be.cpio: ClamAV-Test-File
clam.bin-le.cpio: ClamAV-Test-File
clam.bz2.zip: ClamAV-Test-File
clam.cab: ClamAV-Test-File
clam.chm: ClamAV-Test-File
clam.d64.zip: ClamAV-Test-File
clam.ea05.exe: ClamAV-Test-File
clam.ea06.exe: ClamAV-Test-File
clam.exe: ClamAV-Test-File
clam.exe.binhex: ClamAV-Test-File
clam.exe.bz2: ClamAV-Test-File
clam.exe.html: ClamAV-Test-File
clam.exe.mbox.base64: ClamAV-Test-File
clam.exe.mbox.uu: ClamAV-Test-File
clam.exe.rtf: ClamAV-Test-File
clam.exe.szdd: ClamAV-Test-File
clam.impl.zip: ClamAV-Test-File
clam.mail: ClamAV-Test-File
clam.newc.cpio: ClamAV-Test-File
clam.odc.cpio: ClamAV-Test-File
clam.ole.doc: ClamAV-Test-File
clam.pdf: ClamAV-Test-File
clam.ppt: ClamAV-Test-File
clam.sis: ClamAV-Test-File
clam.tar.gz: ClamAV-Test-File
clam.tnef: ClamAV-Test-File
clam.zip: ClamAV-Test-File
clam_IScab_ext.exe: ClamAV-Test-File
clam_IScab_int.exe: ClamAV-Test-File
clam_ISmsi_ext.exe: ClamAV-Test-File
clam_ISmsi_int.exe: ClamAV-Test-File
clam_cache_emax.tgz: ClamAV-Test-File


Telnet to port 3310 on the clamd machine and send the STREAM command. clamd replies with the port number to send the data to:

kjw-1:~ kieranwhitbread$ telnet clamd.example.com 3310
Trying 10.10.0.57...
Connected to clamd.example.com.
Escape character is '^]'.
STREAM
PORT 1480

Make another telnet connection to that port number. Submit the test string and close the connection.

kjw-1:~ kieranwhitbread$ telnet clamd.example.com 1480
Trying 10.10.0.57...
Connected to clamd.example.com.
Escape character is '^]'.
$CEliacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$
^]
telnet> Connection closed.

Look at the original connection. It should state that it found the test signature.

kjw-1:~ kieranwhitbread$ telnet clamd.example.com 3310
Trying 10.10.0.57...
Connected to clamd.example.com.
Escape character is '^]'.
STREAM
PORT 1480
stream: ClamAV-Test-Signature FOUND
Connection closed by foreign host.

An entry should also be made in the clamd log:

$ sudo grep ClamAV-Test-Signature /var/log/clamd
Mon Mar 28 17:42:13 2011 -> stream(138.37.8.42@1480): ClamAV-Test-Signature FOUND
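
The same check can be scripted. The following is an added example, not part of the original page or of ClamAV: it uses clamd's INSTREAM command, which sends the data on the same connection instead of the second PORT connection that STREAM uses above. The function names are made up for this example; the host name and test string are the ones shown in the telnet sessions.

```python
import socket
import struct
import sys

# Test string as typed into the second telnet session above.
TEST_STRING = b"$CEliacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$"

def instream_frames(data, chunk_size=2048):
    """Build an INSTREAM request: NUL-terminated command, then chunks of
    <4-byte big-endian length><data>, ended by a zero-length chunk."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(raw):
    """Turn a clamd reply or log tail into (verdict, detail)."""
    text = raw.rstrip(b"\0\r\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # "stream: <signature> FOUND" -> keep only the signature name
        return "FOUND", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "OK", ""
    # Anything else (size limit exceeded, empty reply, ...) is a failure.
    return "ERROR", text

def scan(host, port, data, timeout=10.0):
    """Send data to clamd over one TCP connection and return the verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:  # clamd closed the connection
                break
            reply += part
    return parse_reply(reply)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "clamd.example.com"
    verdict, detail = scan(host, 3310, TEST_STRING)
    print(verdict, detail)
    # Exit non-zero when the test signature was NOT detected.
    sys.exit(0 if verdict == "FOUND" else 1)
```

The non-zero exit status when the test string is not flagged makes the script usable from cron or a monitoring check.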
