Our filtering proxy is hitting on the following URL:
https://ardownload2.adobe.com/pub/adobe/reader/win/AcrobatDC/2200320263/AcroRdrDCUpd2200320263_MUI.msp
*INFECTED* * *DENIED* Virus or bad content detected.
Win.Ransomware.Razy-9978545-0
The strange thing is, if I run clamscan on the full file, it reports OK. But
if I scan on a truncated version (say just the first 16MB) it reports as
infected. Although I guess this is a result of it being larger than the
maximum file scan size.
I've reported the FP to the clamav.net website.
clamav-0.103.7-1.el7.x86_64
--
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/
https://ardownload2.adobe.com/pub/adobe/reader/win/AcrobatDC/2200320263/AcroRdrDCUpd2200320263_MUI.msp
*INFECTED* * *DENIED* Virus or bad content detected.
Win.Ransomware.Razy-9978545-0
The strange thing is, if I run clamscan on the full file, it reports OK. But
if I scan on a truncated version (say just the first 16MB) it reports as
infected. Although I guess this is a result of it being larger than the
maximum file scan size.
I've reported the FP to the clamav.net website.
clamav-0.103.7-1.el7.x86_64
--
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/
Attached Files:
-
smime.p7s (3.76 KB)