Hello, I recently stumbled upon a lot of findings for PDF files with "Heuristics.Encrypted.PDF". Those PDF files are viewable but have permissions restricted.
It seems to be a known issue and is already reported here: https://github.com/Cisco-Talos/clamav/issues/770. My question to this is whether the rest of the PDF file is at least scanned in such cases? I.e. is the unencrypted part (which is what we normally view) scanned or is a scan aborted/not started when part of a PDF file is found to be encrypted? Cheers, Sergej Herbert
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
