[clamav-users] clamscan on truncated file reports infection
Orion Poplawski
orion at nwra.com
Thu Dec 1 18:53:47 UTC 2022
Our filtering proxy is hitting on the following URL:
https://ardownload2.adobe.com/pub/adobe/reader/win/AcrobatDC/2200320263/AcroRdrDCUpd2200320263_MUI.msp
*INFECTED* * *DENIED* Virus or bad content detected.
Win.Ransomware.Razy-9978545-0
The strange thing is, if I run clamscan on the full file, it reports OK. But
if I scan on a truncated version (say just the first 16MB) it reports as
infected. Although I guess this is a result of it being larger than the
maximum file scan size.
I've reported the FP to the clamav.net website.
clamav-0.103.7-1.el7.x86_64
--
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3847 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20221201/6f63a9d8/attachment.p7s>
More information about the clamav-users
mailing list