I have the same problem, and already submitted a false positive report. In our case it was a signad pdf, so I suspect that the signature makes it FP. But I have no idea how to work around it now. Maybe disable pdf scanning?
On 04/28/17 16:47, Giuseppe Ravasio wrote: > Hi, > since this morning daily signature update 23337 > and even with the latest one 23338 > my amavis flags some emails with PDF attachments as virus: > Pdf.Exploit.CVE_2017_3039-6300177-0 FOUND > > Checking the PDF with other AVs and even with clamscan (on the same > server) results in a clean file: > > beppe@thot:/tmp$ clamscan TCA.pdf > TCA.pdf: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 6272759 > Engine version: 0.99.2 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.22 MB > Data read: 0.08 MB (ratio 2.71:1) > Time: 17.277 sec (0 m 17 s) > > if I check the file with clamdscan I get the virus found: > beppe@thot:/tmp$ clamdscan TCA.pdf > /tmp/TCA.pdf: Pdf.Exploit.CVE_2017_3039-6300177-0 FOUND > > ----------- SCAN SUMMARY ----------- > Infected files: 1 > Time: 0.032 sec (0 m 0 s) > > Any hints on how to solve the problem? > > Thanks > Giuseppe > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml