Missed ant-virus test

[wprauchholz]

I setup an email server (postfix,dovecot, spanassassinm, amavisd-nre and clamav).
There is a website (https://www.webmail.us/testvirus) which send kind of viruses to you to check security of the installation. From all 26 emails sent, I received 1 with the following text:

Test #23: (Non-Virus): Attachment with a CLSID extension which may hide the real
file extension. <B>This does not include the EICAR virus</B>, however your mail
server should still block this since the CLSID technique can be used to hide the
true extension of a malicious file. ***

If your mail server's virus scanner did not detect this email, it allows some
viruses through! Please note: This test message uses the EICAR test virus, which is
completely benign and contains no viral code. For more information see:
http://www.eicar.org

Is this a lack of clamav viruses database or did I do something wrong in the installation?
Any help is welcomed. Thanks

[blammo]

This is interesting. Two of these tests also got through ClamAV on my system. It stated that these two did NOT contain the EICAR test virus but it should of been blocked because the technique used could infect a system. I searched on the ClamAV mail list and it discusses the problems with the CLSID extension and the Partial (Fragmented) Vulnerability. Apparently it is a limitation of ClamAV. On the other hand ClamAV did block 23 of the 25 infected emails.