efa-project.org


https://forum.efa-project.org/

PDF are blocked

https://forum.efa-project.org/viewtopic.php?t=3600

Page 1 of 1

PDF are blocked

Posted: 25 May 2019 14:59
by jamerson
Hi Guys,
after the last job Cron " CLAM antivirus" PDF attachements seems to be blocked.

[*]Clamd: message was infected: Win.Exploit.CVE_2019_0903-6966169-0
Clamd: Check 15 juni 2019.pdf was infected: Win.Exploit.CVE_2019_0903-6966169-0

The issue now is not every PDF is blocked however i am curious if other people are having this issue too or just the file is really explote .CVE.
files are ok on /etc/MailScanner


Thank you

Re: PDF are blocked

Posted: 25 May 2019 20:47
by shawniverson
I would trust that message. That PDF may have a virus in it.

Re: PDF are blocked

Posted: 27 May 2019 12:19
by ladylinux
Hello,

This seems to be a false positive as I am even getting this from my Spamexperts PDF reports now

I guess a Clamav update in a day or so should resolve it.

Francesca

Re: PDF are blocked

Posted: 27 May 2019 14:48
by henk
There is an issue with clamav pdf's scanning at the moment.

To temp solve it, and don't blame me if the message did report a valid (Win.Exploit.CVE_2019_0903-6966169-0) virus :shhh:

1. Howto whitelist a clamav signature https://www.clamav.net/documents/how-do ... -signature

2. A more detailed ( copy and paste) solution https://marc.info/?l=clamav-users&m=155895964604136&w=2

It would make sense to review your security policy and to check your backup policy, before you whitelist any signatures.

Just take a look at Baltimore https://www.nytimes.com/2019/05/25/us/n ... imore.html

Re: PDF are blocked

Posted: 30 May 2019 10:18
by jamerson
i beleive Clamav has resolved this, last cron job got stuff set up.
anyone facing the same issue still ?

Henk allow signature is not smart thought !
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited