[clamav-users] FW: Problem with setup
Michael D. L.
clamav at cosis.dk
Wed May 25 09:51:58 EDT 2016
On 05/25/2016 11:06 AM, Philip Andersson wrote:
> I got some new information. The test files came from cybercom and all other test files they sent to us was blocked. I think that clamd removes the virus and reports OK back and translates the stream from PDF 1.4 to PDF 1.5. Because if I open the two files in hexeditors their headers is not the same and the row containing the virus is gone. Could clamd have done this?
That sounds unlikely, as ClamAV can't disinfect files - and surely
wouldn't start converting between PDF formats.
The age of the virus doesn't matter - it should be detected regardless
You should look into making a debug-plugin, to get some more information
about what happens, when the file is injected into the ClamAV-Daemon.
More information about the clamav-users