Hi, all We received following report from one of our users. The user is uisng Clamd0.103 on AIX7,2.
When clamd with the option "ArchiveBlockEncrypted" ON scans a specifc PDF which is locked for editing, it is detected as "Heuristics.Encrypted.PDF FOUND". The PDF is locked for editing, but not locked for viewing. The PDF file can be found at the following URL. https://www.promark-inc.com/dl/temp/214-230137_01_006.pdf It looks like the same behavior when clamd scans a PDF which is locked for viewing. The log is as follows; Fri Sep 29 14:35:33 2023 -> /home/user/214-230137_01_006.pdf: Heuristics.Encrypted.PDF(52d94f1cc9d57e3b350c4cec85c68387:222005) FOUND We could reproduce the behavior on our test environment, clamd daemon 1.0.2 (OS: Linux, ARCH: x86_64, CPU: x86_64). Could you tell us how to fix it to scan that PDF properly? T.O _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
