I'm working on finding infection points in the EML file format. I want to know on what grounds a scanner declares an email as spam or an attachment as malicious.
I mean, does it scan by MIME content or any other pointer? Is malicious content detectable based on just file type/MIME content? How is the attachment scanned?
I had put the EICAR test string to a check against an ESET scan to detect it as malicious, but the file came out clean, whereas all standard antiviruses declare the EICAR as an antivirus test or something of the sort.