[clamav-users] Why does this happen?
Scott Galambos
scottg at particlesoftware.com
Tue Mar 15 21:37:52 UTC 2016
testfile.pdf is an encrypted and password protected file. I have
"ArchiveBlockEncrypted No" in clamd.conf.
And a scan still finds it infected.
server(/tmp): clamdscan --config-file=/apps/clamav/etc/clamd.conf
testfile.pdf
/temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
Why? How do I stop this?
On 2016-03-15 2:13 PM, Steven Morgan wrote:
> Hi,
>
> I took a quick look at the code. The "Heuristics.Encrypted.PDF" is off by
> default. Try clamscan --block-encrypted. If you have 'ArchiveBlockEncrypted
> yes' in your clamd.conf, it would explain the results you are seeing with
> clamdscan.
>
> Is testfile.pdf encrypted?
>
> Check these things out and if it still does not make sense, please open a
> bug report at bugzilla.clamav.net.
>
> On Tue, Mar 15, 2016 at 2:07 PM, Scott Galambos <scottg at particlesoftware.com
>> wrote:
>
>> Trying to wrap my head around this.
>>
>> central(/temp): clamdscan testfile.pdf
>> /temp/testfile.pdf: Heuristics.Encrypted.PDF FOUND
>>
>> central(/temp): clamscan testfile.pdf
>> testfile.pdf: OK
>>
>>
>> Why does clamdscan find a virus, but clamscan not??
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list