ALL PDF files are blocked due to antivirus false positive
Posted: 11 Jan 2021 08:55
by BOOZy
Virus (YARA.invalid_trailer_structure.UNOFFICIAL)
and Virus (YARA.possible_includes_base64_packed_functions.UNOFFICIAL)
Is there a workaround or update yet?
Re: ALL PDF files are blocked due to antivirus false positive
Posted: 11 Jan 2021 10:36
by BOOZy
Fixed, I have disabled YARA rules in master.conf.
Re: ALL PDF files are blocked due to antivirus false positive
Posted: 11 Jan 2021 19:47
by kicou
Encountered the exact same issue today.
Instead of disabling Yara rules altogether (I use them),
in /etc/clamav-unofficial-sigs/user.conf commented out the line
#yararulesproject_dbs_rating="HIGH"
and restarted clamscan
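
Added example, not part of the thread or of any poster's setup: before turning rules off, one way to see which third-party YARA rules fire on most PDFs is to tally `clamscan` result lines by signature over a folder of known-good files. The sample output, the paths, the non-YARA signature name and the 50% threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of clamscan result lines (not taken from the thread).
SAMPLE = """\
/tmp/samples/invoice.pdf: YARA.invalid_trailer_structure.UNOFFICIAL FOUND
/tmp/samples/manual.pdf: YARA.invalid_trailer_structure.UNOFFICIAL FOUND
/tmp/samples/report.pdf: YARA.possible_includes_base64_packed_functions.UNOFFICIAL FOUND
/tmp/samples/scan.pdf: YARA.invalid_trailer_structure.UNOFFICIAL FOUND
/tmp/samples/notes.txt: OK
/tmp/samples/other.pdf: Example.Constructed.Signature FOUND
"""

# clamscan prints "<path>: <signature> FOUND" or "<path>: OK" per file.
RESULT = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")

def parse(output):
    """Yield (path, signature or None) for each per-file result line."""
    for line in output.splitlines():
        m = RESULT.match(line.strip())
        if m:  # summary and error lines do not match and are skipped
            yield m.group("path"), m.group("sig")

def suspect_rules(output, ext=".pdf", threshold=0.5):
    """Map each third-party YARA rule to the share of scanned `ext` files it
    hit, keeping only rules at or above `threshold` (candidates for review)."""
    scanned, hits = set(), defaultdict(set)
    for path, sig in parse(output):
        if not path.lower().endswith(ext):
            continue
        scanned.add(path)
        # Third-party YARA detections are reported as YARA.<rule>.UNOFFICIAL
        if sig and sig.startswith("YARA.") and sig.endswith(".UNOFFICIAL"):
            hits[sig].add(path)
    if not scanned:
        return {}
    shares = {s: len(p) / len(scanned) for s, p in hits.items()}
    return {s: v for s, v in shares.items() if v >= threshold}

if __name__ == "__main__":
    for sig, share in sorted(suspect_rules(SAMPLE).items()):
        print(f"{sig}: {share:.0%} of scanned PDFs")
```

A rule that matches most of a known-good PDF set is a candidate for narrowing the rule set as described above, rather than disabling YARA scanning entirely.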
Re: ALL PDF files are blocked due to antivirus false positive
Posted: 23 Jan 2021 12:52
by gewonecolalight
I have the same issue and commented out the line that kicou said.
Now I have a bunch of emails that are marked as virus, but I have no option to release those emails. Some are important.
Is there a way to release them?
I searched in /var/spool/Mailscanner/quarantine/<date>/message, but I can't find them there.
Re: ALL PDF files are blocked due to antivirus false positive
Posted: 26 Jan 2021 19:33
by jon doe
I think I mentioned this in another thread but unless you are quarantining silent viruses in Mailscanner.conf, you cannot release them. I recommend that you turn that option on if you want to have the ability to do this.
Re: ALL PDF files are blocked due to antivirus false positive
Posted: 26 Jan 2021 19:43
by gewonecolalight
OK, thank you.
Just enabled that option.