From time to time, ClamAV may appear to not be flagging spam correctly. One step in your troubleshooting process should be to make sure that ClamAV is working as intended. The easiest and quickest way to do this would be with an eicar file. Let’s run though how to do that.

Step one is to download the eicar file with this command:

[~]# wget -nv
2014-11-04 11:51:44 URL: [70/70] -> "" [1]

Then you scan the file with this command:

[~]# clamscan -i Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 2876725
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.749 sec (0 m 5 s)

You can also test a zipped virus, and a double-zipped virus with the files below, and scan them with the same command provided above:

Zipped virus:

[~]# wget -nv
2014-11-04 11:57:11 URL: [186/186] -> "" [1]

Double-zipped Virus (The file above, zipped again)

[~]# wget -nv
2014-11-04 11:57:17 URL: [252/252] -> "" [1]