Hi,
I'm running havp 0.92 between Squid 2.7 stable 3 on debian 5. As scanengine I'm using ClamAV 0.97
From time to time I test a download of eicar.com. Since about two weeks a download from
GET 200
http://www.eicar.org/download/eicar.com 436+0 OK
is not recognized as virus, while a download from
GET 200
http://meineipadresse.de/testvirus/eicar.tar 431+1536 VIRUS ClamAV: Eicar-Test-Signature
is blocked, like it should.
I downloaded both files to /tmp of the proxy server and did a
clamscan eicar.com
both files are reported to be infected, a "diff eicar.com eicar.com.1" shows no difference.
The file should not be cached, since i started squid with empty cache and also connected the browser directly to the havp instance.
Any idea?
Best Regards
Peter