Symantec Protection Engine (SPE) is not detecting zip files containing the eicar test virus

Article ID: 260043

Products

Protection Engine for NAS

Issue/Introduction

An administrator was testing zip files containing .txt and .com files that held the EICAR test string, to see whether SPE would detect them and then process the files according to the configured action (repair - delete).

The administrator reported that the third-party program (AxWay Secure Transport) was not being told by the SPE engine that there was a problem with the files.

Environment

Release : 8.2.2

Cause

In the case of the EICAR test file, the following sequence was taking place:

- The file containing the test string was uploaded to the Secure Transport server.

- Secure Transport posted a request to the SPE server to scan the file.

- SPE did detect the test string, but it stripped the infected entry out of the zip file; in other words, it performed a repair rather than rejecting the file.

- Because the repair succeeded, SPE returned status code 201 to Secure Transport. 201 ("Created") indicates that a modified version of the content was produced; it is not an error code, so Secure Transport did not treat it as a problem.

So SPE did in fact detect and neutralize the test string, but the calling program interpreted return code 201 as nothing more than a variation of "success".

Note that SPE does not repair most infected files, but a file containing the EICAR test string is one it will clean/repair. A caller that decides on the status code alone must therefore treat 201 (content modified) as a detection that was acted on, not as a clean result.
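The following is an added example, not code from this article, from Symantec or from Axway: a small Python model of the exchange above. It builds a zip with EICAR .txt and .com members (constructed test input), stands in for the scan server's repair behaviour with a simulation that strips the matching members and answers 201, and shows a caller-side verdict function next to the naive "any 2xx is fine" check that caused the confusion. The meanings assumed for 204 and 200 (unmodified and modified content, respectively) and the simulated repair are assumptions of this example; the page itself only documents the 201 response.

```python
import io
import zipfile

# The EICAR test string is assembled from pieces so that this source file is not
# itself flagged; the joined value is the published 68-byte string.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
         "!$H+H*").encode()


def build_zip(entries):
    """Constructed test input: an in-memory zip with the given name -> bytes members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def zip_members(data):
    """Member names of an in-memory zip, in archive order."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def simulate_repair(data):
    """Stand-in for the scan server's repair step (simulation, not SPE code):
    drop every member whose content contains the EICAR string and answer
    201 with the rewritten archive; answer 204 with the original when nothing
    matched. Returns (status, archive_bytes)."""
    kept = {}
    dropped = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            payload = zf.read(name)
            if EICAR in payload:
                dropped += 1
            else:
                kept[name] = payload
    if dropped == 0:
        return 204, data
    return 201, build_zip(kept)


def naive_is_success(status):
    """What the calling program effectively did: every 2xx code is 'fine'."""
    return 200 <= status < 300


def scan_verdict(original, status, returned):
    """Caller-side interpretation of the scan response.
    Assumption (not stated on the page): 204 means the content came back
    unmodified; 200/201 mean a modified body was produced, which for an AV
    scan means something was detected and acted on. Anything else is an
    error the caller should fail closed on. Returns (verdict, removed_members)."""
    if status == 204:
        return "clean", set()
    if status in (200, 201):
        removed = set(zip_members(original)) - set(zip_members(returned))
        return "repaired", removed
    return "error", set()


if __name__ == "__main__":
    infected = build_zip({"eicar.txt": EICAR, "eicar.com": EICAR, "readme.txt": b"hello"})
    status, returned = simulate_repair(infected)
    print("status:", status, "naive success:", naive_is_success(status))
    print("verdict:", scan_verdict(infected, status, returned))
```

The point of `scan_verdict` is that it compares the archive it sent with the archive it got back whenever the status code says the content was modified, so the stripped members are reported as a detection even though the code is a 2xx. The naive check is kept only to show why the administrator saw no error.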

Resolution

Working as designed. SPE repaired the file and reported that with return code 201; the calling application must treat 201 as "content was modified (repaired)" rather than as a plain success if it needs to act on the detection.