Hi, all
We received following report from one of our users.
The user is uisng Clamd0.103 on AIX7,2.
When clamd with the option "ArchiveBlockEncrypted" ON scans a specifc PDF which is locked for editing, it is detected as "Heuristics.Encrypted.PDF FOUND".
The PDF is locked for editing, but not locked for viewing.
The PDF file can be found at the following URL.
https://www.promark-inc.com/dl/temp/214-230137_01_006.pdf
It looks like the same behavior when clamd scans a PDF which is locked for viewing.
The log is as follows;
Fri Sep 29 14:35:33 2023 -> /home/user/214-230137_01_006.pdf:
Heuristics.Encrypted.PDF(52d94f1cc9d57e3b350c4cec85c68387:222005) FOUND
We could reproduce the behavior on our test environment, clamd daemon 1.0.2 (OS: Linux, ARCH: x86_64, CPU: x86_64).
Could you tell us how to fix it to scan that PDF properly?
T.O
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
We received following report from one of our users.
The user is uisng Clamd0.103 on AIX7,2.
When clamd with the option "ArchiveBlockEncrypted" ON scans a specifc PDF which is locked for editing, it is detected as "Heuristics.Encrypted.PDF FOUND".
The PDF is locked for editing, but not locked for viewing.
The PDF file can be found at the following URL.
https://www.promark-inc.com/dl/temp/214-230137_01_006.pdf
It looks like the same behavior when clamd scans a PDF which is locked for viewing.
The log is as follows;
Fri Sep 29 14:35:33 2023 -> /home/user/214-230137_01_006.pdf:
Heuristics.Encrypted.PDF(52d94f1cc9d57e3b350c4cec85c68387:222005) FOUND
We could reproduce the behavior on our test environment, clamd daemon 1.0.2 (OS: Linux, ARCH: x86_64, CPU: x86_64).
Could you tell us how to fix it to scan that PDF properly?
T.O
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat