PDF are blocked

Bugs in eFa 4
Post Reply
jamerson
Posts: 138
Joined: 19 Aug 2017 18:57
Location: kaaskop

PDF are blocked

Post by jamerson » 25 May 2019 14:59

Hi Guys,
after the last job Cron " CLAM antivirus" PDF attachements seems to be blocked.

[*]Clamd: message was infected: Win.Exploit.CVE_2019_0903-6966169-0
Clamd: Check 15 juni 2019.pdf was infected: Win.Exploit.CVE_2019_0903-6966169-0

The issue now is not every PDF is blocked however i am curious if other people are having this issue too or just the file is really explote .CVE.
files are ok on /etc/MailScanner


Thank you
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

User avatar
shawniverson
Posts: 2900
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: PDF are blocked

Post by shawniverson » 25 May 2019 20:47

I would trust that message. That PDF may have a virus in it.
Version eFa 4.0.0 now available!

ladylinux
Posts: 6
Joined: 22 May 2019 11:45

Re: PDF are blocked

Post by ladylinux » 27 May 2019 12:19

Hello,

This seems to be a false positive as I am even getting this from my Spamexperts PDF reports now

I guess a Clamav update in a day or so should resolve it.

Francesca

henk
Posts: 401
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: PDF are blocked

Post by henk » 27 May 2019 14:48

There is an issue with clamav pdf's scanning at the moment.

To temp solve it, and don't blame me if the message did report a valid (Win.Exploit.CVE_2019_0903-6966169-0) virus :shhh:

1. Howto whitelist a clamav signature https://www.clamav.net/documents/how-do ... -signature

2. A more detailed ( copy and paste) solution https://marc.info/?l=clamav-users&m=155895964604136&w=2

It would make sense to review your security policy and to check your backup policy, before you whitelist any signatures.

Just take a look at Baltimore https://www.nytimes.com/2019/05/25/us/n ... imore.html

jamerson
Posts: 138
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: PDF are blocked

Post by jamerson » 30 May 2019 10:18

i beleive Clamav has resolved this, last cron job got stuff set up.
anyone facing the same issue still ?

Henk allow signature is not smart thought !
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

Post Reply