Re: [clamav-users] Couple problems
Hi,

I took a quick look at the code. The "Heuristics.Encrypted.PDF" is off by default. Try clamscan --block-encrypted. If you have 'ArchiveBlockEncrypted yes' in your clamd.conf, it would explain the results you are seeing with milter. Is testfile.pdf encrypted?

Check these things out and if it still does not make sense, please open a bug report at bugzilla.clamav.net.

Heuristic signatures cannot be whitelisted. There is a bugzilla enhancement request for this already. May be in a future release.

Steve

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
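Added example (not part of the original thread and not ClamAV project code): a small shell check for the two things the reply above asks about, whether clamd.conf enables ArchiveBlockEncrypted and whether the PDF carries an /Encrypt entry. The function names and result strings are made up for this example, the /Encrypt search is a rough stand-in for the engine's own test, and accepting true and 1 alongside yes as boolean values is an assumption about clamd.conf parsing.

```shell
#!/bin/sh
# Added example: explain a clamscan vs. clamav-milter (clamd) mismatch on
# Heuristics.Encrypted.PDF. Function names and result strings are hypothetical.

# Succeeds if an uncommented line enables ArchiveBlockEncrypted.
# Assumption: clamd boolean options accept yes, true or 1.
clamd_blocks_encrypted() {
    grep -Eq '^[[:space:]]*ArchiveBlockEncrypted[[:space:]]+([Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1)[[:space:]]*$' "$1"
}

# Succeeds if the file mentions an /Encrypt dictionary, which an encrypted
# PDF references from its trailer. Rough check, not the engine's parser.
pdf_has_encrypt_dict() {
    LC_ALL=C grep -q '/Encrypt' "$1"
}

# Prints one of three results for a given clamd.conf and PDF.
explain_mismatch() {
    conf=$1
    pdf=$2
    if ! pdf_has_encrypt_dict "$pdf"; then
        # Heuristic should not fire at all; look elsewhere (or file a bug).
        echo "pdf-not-encrypted"
    elif clamd_blocks_encrypted "$conf"; then
        # clamd (and so the milter) flags it; plain clamscan does not
        # unless run with --block-encrypted.
        echo "clamd-flags-clamscan-default-does-not"
    else
        echo "encrypted-but-blocking-off"
    fi
}

# Usage: sh check.sh /path/to/clamd.conf testfile.pdf
if [ "$#" -eq 2 ]; then
    explain_mismatch "$1" "$2"
fi
```

If the result is clamd-flags-clamscan-default-does-not, running clamscan --block-encrypted on the same file should reproduce what the milter reports.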
[clamav-users] Couple problems
Does anyone know why the following might be happening?

I'm running ClamAV 0.99.1 on Linux and clamav-milter/sendmail to scan mail for viruses. Everything runs fine. Today I had a PDF file (testfile.pdf) that was a false positive. Here are two problems I ran into.

1) When the testfile.pdf is scanned locally it is clean. E.g.

    central(/temp): clamscan testfile.pdf
    testfile.pdf: OK

    --- SCAN SUMMARY ---
    Known viruses: 6433527
    Engine version: 0.99.1
    Scanned directories: 0
    Scanned files: 1
    Infected files: 0
    Data scanned: 0.15 MB
    Data read: 0.06 MB (ratio 2.53:1)
    Time: 24.159 sec (0 m 24 s)

But when the same file is being emailed in it is caught by clamav-milter as a virus:

    central(/var/adm): grep "Heuristics.Encrypted.PDF" clamav-milter.log
    Message from to infected by Heuristics.Encrypted.PDF

Why?

2) I would also like to whitelist this signature, so I added "Heuristics.Encrypted.PDF" to local.ign2 in my database directory, but the file is still found as a virus by clamav-milter. Nothing changes.

    central(/temp): uname -a
    Linux central 3.10.18 #14 SMP Sun Jan 26 11:22:30 EST 2014 x86_64 Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz GenuineIntel GNU/Linux