[Cialug] [OT] AV test

Jeffrey Ollie jeff at ocjtech.us
Tue Oct 6 08:52:12 CDT 2009


On Tue, Oct 6, 2009 at 8:42 AM, Daniel A. Ramaley
<daniel.ramaley at drake.edu> wrote:
> I have a quick favor to ask.
>
> We're trying to verify that our anti-virus system is actually working at
> detecting viruses inside of zip files. However, every attempt I've made
> to send a virus into Drake has been met with failure as every other
> e-mail system I have access to does not allow for sending viruses.
>
> Could someone who can send unfiltered mail please download eicar_com.zip
> (a test virus file--not a real virus) from the URL below and e-mail it
> to me? Then please send a separate mail letting me know to look for it.
> Hopefully I won't receive the virus, but it will be caught in a
> quarantine. Here's the URL:
> http://www.eicar.org/anti_virus_test_file.htm

Hmm, how soon it is that everyone forgets the power of telnet to send email:

    [jcollie at lt26923 ~]$ telnet proof01.drake.edu. 25
    Trying 192.84.11.6...
    Connected to proof01.drake.edu..
    Escape character is '^]'.
    220 ***********************************************************
    EHLO lt26923.campus.dmacc.edu
    250-dial-proof01.drake.edu Hello [161.210.45.123], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
    250-XXXXXXXXA
    250 XXXB
    MAIL From: <jeff at ocjtech.us>
    250 2.1.0 <jeff at ocjtech.us>... Sender ok
    RCPT To: <daniel.ramaley at drake.edu>
    250 2.1.5 <daniel.ramaley at drake.edu>... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    From: <jeff at ocjtech.us>
    To: <daniel.ramaley at drake.edu>
    Subject: Test
    MIME-Version: 1.0
    Content-Type: application/octet-stream
    Content-Transfer-Encoding: base64

    <yadda yadda yadda>
    .
    250 2.0.0 n96DiLWN004621 Message accepted for delivery
    QUIT
    221 2.0.0 dial-proof01.drake.edu closing connection
    Connection closed by foreign host.

Replace yadda yadda yadda with the base64 encoded content of your choice.

-- 
Jeff Ollie
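
For anyone checking their own gateway's handling of archives the same way, here is an added example (not part of the original message) that builds the text to paste after DATA: the EICAR test string zipped, base64-encoded as a single-part message like the one in the session above, with CRLF line endings, dot-stuffing and the closing "." line. The addresses and the inner file name are placeholders.

```python
import io
import zipfile
from email.message import EmailMessage
from email.policy import SMTP

# The 68-byte EICAR test string, split in two so that this source file
# is not itself quarantined by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def build_zip(inner_name="eicar.com"):
    """Return a zip archive (as bytes) holding only the EICAR test file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, EICAR)
    return buf.getvalue()


def build_message(sender, recipient, payload):
    """Single-part message, same headers as the hand-typed session."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Test"
    # bytes content is base64-encoded by default; MIME-Version is added too
    msg.set_content(payload, maintype="application", subtype="octet-stream",
                    filename="eicar_com.zip")
    return msg


def data_phase(msg):
    """Bytes to send after the 354 reply, including the terminating dot."""
    lines = msg.as_bytes(policy=SMTP).split(b"\r\n")
    # SMTP transparency: a line that starts with "." gets a second "."
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in lines]
    body = b"\r\n".join(stuffed)
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body + b".\r\n"


if __name__ == "__main__":
    # Placeholder addresses; use a mailbox on the system you administer.
    m = build_message("sender@example.org", "recipient@example.org", build_zip())
    print(data_phase(m).decode("ascii"))
```
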
