[clamav-users] Heuristics.Encrypted.PDF

Dino Edwards dino.edwards at mydirectmail.net
Sat Apr 15 10:51:16 EDT 2017

We seem to be getting a lot of false positives with the following message:

INFECTED, message contains virus: Heuristics.Encrypted.PDF

The reason I know they are false positives is because when looking at the attached PDFs, there is no passwords set on them. The simple answer would be to simply set ArchiveBlockEncrypted to false, however that's not a good solution. We need ArchiveBlockEncrypted enabled to block potential malware but we need to somehow stop these false positives.

Our clamav version is ClamAV 0.99.2


Dino Edwards

More information about the clamav-users mailing list