[clamav-users] FW: Problem with setup

Michael D. L. clamav at cosis.dk
Wed May 25 09:51:58 EDT 2016

On 05/25/2016 11:06 AM, Philip Andersson wrote:
> I got some new information. The test files came from cybercom and all other test files they sent to us was blocked. I think that clamd removes the virus and reports OK back and translates the stream from PDF 1.4 to PDF 1.5. Because if I open the two files in hexeditors their headers is not the same and the row containing the virus is gone. Could clamd have done this?

That sounds unlikely, as ClamAV can't disinfect files - and surely 
wouldn't start converting between PDF formats.

The age of the virus doesn't matter - it should be detected regardless 
of method.

You should look into making a debug-plugin, to get some more information 
about what happens, when the file is injected into the ClamAV-Daemon.

Best regards

More information about the clamav-users mailing list