PDF are blocked

Bugs in eFa 4
Post Reply
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

PDF are blocked

Post by jamerson »

Hi Guys,
after the last job Cron " CLAM antivirus" PDF attachements seems to be blocked.

[*]Clamd: message was infected: Win.Exploit.CVE_2019_0903-6966169-0
Clamd: Check 15 juni 2019.pdf was infected: Win.Exploit.CVE_2019_0903-6966169-0

The issue now is not every PDF is blocked however i am curious if other people are having this issue too or just the file is really explote .CVE.
files are ok on /etc/MailScanner


Thank you
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: PDF are blocked

Post by shawniverson »

I would trust that message. That PDF may have a virus in it.
ladylinux
Posts: 6
Joined: 22 May 2019 11:45

Re: PDF are blocked

Post by ladylinux »

Hello,

This seems to be a false positive as I am even getting this from my Spamexperts PDF reports now

I guess a Clamav update in a day or so should resolve it.

Francesca
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: PDF are blocked

Post by henk »

There is an issue with clamav pdf's scanning at the moment.

To temp solve it, and don't blame me if the message did report a valid (Win.Exploit.CVE_2019_0903-6966169-0) virus :shhh:

1. Howto whitelist a clamav signature https://www.clamav.net/documents/how-do ... -signature

2. A more detailed ( copy and paste) solution https://marc.info/?l=clamav-users&m=155895964604136&w=2

It would make sense to review your security policy and to check your backup policy, before you whitelist any signatures.

Just take a look at Baltimore https://www.nytimes.com/2019/05/25/us/n ... imore.html
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: PDF are blocked

Post by jamerson »

i beleive Clamav has resolved this, last cron job got stuff set up.
anyone facing the same issue still ?

Henk allow signature is not smart thought !
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
Post Reply