Hi, Thank you for your reply. I understood very well. It was useful to me.
Regards, T.O On Wed, 11 Oct 2023 15:40:37 +0300 Maxim Britov via clamav-users <clamav-users@lists.clamav.net> wrote: > On 10.10.2023 13:32, Tsutomu Oyamada wrote: > > Hi, all > > > > We received following report from one of our users. > > The user is uisng Clamd0.103 on AIX7,2. > > > > When clamd with the option "ArchiveBlockEncrypted" ON scans a specifc PDF > > which is locked for editing, it is detected as "Heuristics.Encrypted.PDF > > FOUND". > > https://github.com/Cisco-Talos/clamav/issues/770 > > $ pdf-parser.py -o 40 214-230137_01_006.pdf > > obj 40 0 > Type: > Referencing: > > << > /EncryptMetadata true > /P -1852 > /U > << > /StdCF > << > /Type /CryptFilter > /Length 16 > /AuthEvent /DocOpen > /CFM /AESV2 > >> > >> > /Length 128 > /V 4 > /Filter /Standard > >> > > > > The PDF is locked for editing, but not locked for viewing. > > The PDF file can be found at the following URL. > > https://www.promark-inc.com/dl/temp/214-230137_01_006.pdf > > > > It looks like the same behavior when clamd scans a PDF which is locked for > > viewing. > > The log is as follows; > > > > Fri Sep 29 14:35:33 2023 -> /home/user/214-230137_01_006.pdf: > > Heuristics.Encrypted.PDF(52d94f1cc9d57e3b350c4cec85c68387:222005) FOUND > > > > We could reproduce the behavior on our test environment, clamd daemon 1.0.2 > > (OS: Linux, ARCH: x86_64, CPU: x86_64). > > > > Could you tell us how to fix it to scan that PDF properly? > > > > T.O > > > > _______________________________________________ > > > > Manage your clamav-users mailing list subscription / unsubscribe: > > https://lists.clamav.net/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/Cisco-Talos/clamav-documentation > > > > https://docs.clamav.net/#mailing-lists-and-chat > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
