Virus (YARA.invalid_trailer_structure.UNOFFICIAL)
and Virus (YARA.possible_includes_base64_packed_functions.UNOFFICIAL)
Is there a workaround or update yet?
ALL PDF files are blocked due to antivirus false positive
Re: ALL PDF files are blocked due to antivirus false positive
Fixed, I have disabled YARA rules in master.conf.
Re: ALL PDF files are blocked due to antivirus false positive
Encountered the exact same issue today.
Instead of disabling Yara rules altogether (I use them),
in /etc/clamav-unofficial-sigs/user.conf commented out the line
Code:
#yararulesproject_dbs_rating="HIGH"
and restarted clamscan
Code:
systemctl restart clamd@scan
-
- Posts: 5
- Joined: 01 Apr 2017 16:11
Re: ALL PDF files are blocked due to antivirus false positive
I have the same issue and commented out the line that kicou said.
Now I have a bunch of emails that are marked as virus, but I have no option to release those emails. Some are important.
Is there a way to release them?
I searched in /var/spool/Mailscanner/quarantine/<date>/message, but I can't find them there.
Re: ALL PDF files are blocked due to antivirus false positive
I think I mentioned this in another thread but unless you are quarantining silent viruses in Mailscanner.conf, you cannot release them. I recommend that you turn that option on if you want to have the ability to do this.
Re: ALL PDF files are blocked due to antivirus false positive
Ok Thank you.
Just enabled that option.