[clamav-users] FW: Problem with setup
Michael D. L.
clamav at cosis.dk
Wed May 25 13:51:58 UTC 2016
On 05/25/2016 11:06 AM, Philip Andersson wrote:
>
>
> I got some new information. The test files came from cybercom and all other test files they sent to us was blocked. I think that clamd removes the virus and reports OK back and translates the stream from PDF 1.4 to PDF 1.5. Because if I open the two files in hexeditors their headers is not the same and the row containing the virus is gone. Could clamd have done this?
>
>
That sounds unlikely, as ClamAV can't disinfect files - and surely
wouldn't start converting between PDF formats.
The age of the virus doesn't matter - it should be detected regardless
of method.
You should look into making a debug-plugin, to get some more information
about what happens, when the file is injected into the ClamAV-Daemon.
Best regards
Michael
More information about the clamav-users
mailing list