testfile.pdf is an encrypted and password protected file. I have
"ArchiveBlockEncrypted No" in clamd.conf.
And a scan still finds it infected.
server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf
testfile.pdf
/temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
Why? How do I stop this?
On 2016-03-15 2:13 PM, Steven Morgan wrote:
Hi,
I took a quick look at the code. The "Heuristics.Encrypted.PDF" is off by
default. Try clamscan --block-encrypted. If you have 'ArchiveBlockEncrypted
yes' in your clamd.conf, it would explain the results you are seeing with
clamdscan.
Is testfile.pdf encrypted?
Check these things out and if it still does not make sense, please open a
bug report at bugzilla.clamav.net.
On Tue, Mar 15, 2016 at 2:07 PM, Scott Galambos <sco...@particlesoftware.com
wrote:
Trying to wrap my head around this.
central(/temp): clamdscan testfile.pdf
/temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
central(/temp): clamscan testfile.pdf
testfile.pdf: OK
Why does clamdscan find a virus, but clamscan not??
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
