Dear Manish,
I also encountered the same problem and had reported it on
the mailing list. The following is the comment which I received (from
the developer).
-----
On Mon Jun 20 2011 13:40:06 GMT+0200 (CET)
ANANT S ATHAVALE <a...@isac.gov.in> wrote:
> Dear Tomasz Kojm,
> But by setting ArchiveBlockEncrypted = off, I will not be able to detect
> even encrypted zip, am I right?

Yes, you're right. However please keep in mind we create sigs for
encrypted malware, so you should still be able to catch real threats.

> Maybe I should disable ScanPDF?

This will disable the PDF parser, which is required for most sigs for
PDF malware. Disabling ArchiveBlockEncrypted will be more safe.
-----------
Based on this feedback, I have disabled ArchiveBlockEncrypted.
For details, read the thread with the following subject in the mailing list.
"How to disable blocking Encrypted.pdf alone"
Regards,
ANANT.
--
----- Message from mkathu...@tuxtechnologies.co.in ---------
Date: Mon, 11 Jul 2011 11:38:03 +0530
From: Manish Kathuria <mkathu...@tuxtechnologies.co.in>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: [clamav-users] How to disable / ignore Heuristics.Encrypted.PDF ?
To: clamav-users@lists.clamav.net
We are using clamd along with amavisd-new for scanning emails and the
messages having PDF attachments with password protection are being
blocked with the alert:
INFECTED, message contains virus: Heuristics.Encrypted.PDF
Since most of these password protected PDFs are important documents
like bank statements, I want to skip this particular check. I have
tried various permutations but could not figure out the exact
parameter which can be used in clamd.conf file to exclude this
specific category. I also created a local.ign2 file in the virus
database directory with a single line containing the term
Heuristics.Encrypted.PDF in it but it had no effect.
Any suggestions?
Thanks,
--
Manish Kathuria
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
----- End message from mkathu...@tuxtechnologies.co.in -----
Regards,
Anant Athavale.
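
A check for the configuration this thread settles on, as an added example that is not part of the original messages or of ClamAV itself: it reads a clamd.conf and confirms that ArchiveBlockEncrypted is not enabled while ScanPDF is left on. The function names, the constructed sample config, the accepted boolean spellings (yes/no, true/false, 1/0) and the handling of unset or repeated options are assumptions.

```shell
#!/bin/sh
# Added example: audit clamd.conf for the two options discussed in this thread.

# Print a boolean option's value as yes/no, "unset" when it is absent or
# commented out, "invalid" otherwise. Assumptions: booleans are spelled
# yes/no, true/false or 1/0, and a repeated option is read as its last value.
clamd_bool() {  # usage: clamd_bool FILE OPTION
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        $1 == opt  { val = tolower($2); seen = 1 }
        END {
            if (!seen)                        print "unset"
            else if (val ~ /^(yes|true|1)$/)  print "yes"
            else if (val ~ /^(no|false|0)$/)  print "no"
            else                              print "invalid"
        }' "$1"
}

# Return 0 when encrypted files are not blocked and the PDF parser stays on.
# "unset" is accepted for both options (assumed to mean clamd's default).
audit_encrypted_pdf() {  # usage: audit_encrypted_pdf FILE
    block=$(clamd_bool "$1" ArchiveBlockEncrypted)
    pdf=$(clamd_bool "$1" ScanPDF)
    rc=0
    case $block in
        yes)     echo "ArchiveBlockEncrypted is on: encrypted files are blocked"; rc=1 ;;
        invalid) echo "ArchiveBlockEncrypted has an unrecognised value"; rc=1 ;;
    esac
    case $pdf in
        no)      echo "ScanPDF is off: PDF parser disabled, most PDF sigs will not match"; rc=1 ;;
        invalid) echo "ScanPDF has an unrecognised value"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config: the change the thread settles on.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'ArchiveBlockEncrypted no' '#ScanPDF no' > "$demo"
audit_encrypted_pdf "$demo" && echo "OK: encrypted PDFs not blocked, PDF parser enabled"
rm -f "$demo"
```

Run it against the clamd.conf that clamd actually loads, and restart or reload clamd after changing either option.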