ALL PDF files are blocked due to antivirus false positive

BOOZy
Posts: 26
Joined: 04 Oct 2017 13:17


Post by BOOZy » 11 Jan 2021 08:55

Virus (YARA.invalid_trailer_structure.UNOFFICIAL)

and Virus (YARA.possible_includes_base64_packed_functions.UNOFFICIAL)

Is there a workaround or update yet?

BOOZy
Posts: 26
Joined: 04 Oct 2017 13:17

Re: ALL PDF files are blocked due to antivirus false positive

Post by BOOZy » 11 Jan 2021 10:36

Fixed, I have disabled YARA rules in master.conf.

kicou
Posts: 1
Joined: 11 Jan 2021 19:41

Re: ALL PDF files are blocked due to antivirus false positive

Post by kicou » 11 Jan 2021 19:47

Encountered the exact same issue today.

Instead of disabling Yara rules altogether (I use them), in /etc/clamav-unofficial-sigs/user.conf I commented out the line

Code:

#yararulesproject_dbs_rating="HIGH"

and restarted clamscan

Code:

systemctl restart clamd@scan
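
Before turning off a whole rule tier as in the posts above, it helps to confirm which YARA rules are firing and on which file types. The script below is an added example, not part of the original thread or of eFa. It assumes clamd's `<timestamp> -> <path>: <signature> FOUND` log format; the sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tally clamd YARA ".UNOFFICIAL" detections by rule and file extension.

# Constructed sample lines (assumed clamd log format, LogTime enabled).
sample_log() {
cat <<'EOF'
Mon Jan 11 08:41:02 2021 -> /var/spool/MailScanner/incoming/1001/invoice.pdf: YARA.invalid_trailer_structure.UNOFFICIAL FOUND
Mon Jan 11 08:43:17 2021 -> /var/spool/MailScanner/incoming/1002/report.PDF: YARA.invalid_trailer_structure.UNOFFICIAL FOUND
Mon Jan 11 08:47:10 2021 -> /var/spool/MailScanner/incoming/1003/scan 01.pdf: YARA.possible_includes_base64_packed_functions.UNOFFICIAL FOUND
Mon Jan 11 08:49:55 2021 -> /var/spool/MailScanner/incoming/1004/eicar.com: Win.Test.EICAR_HDB-1 FOUND
Mon Jan 11 08:50:30 2021 -> /var/spool/MailScanner/incoming/1005/notes.txt: OK
Mon Jan 11 08:52:44 2021 -> /var/spool/MailScanner/incoming/1006/manual.pdf: YARA.invalid_trailer_structure.UNOFFICIAL FOUND
EOF
}

# Reads log lines on stdin; prints "count rule extension", most frequent first.
yara_hit_summary() {
  awk '
    / FOUND$/ && /YARA\..*\.UNOFFICIAL/ {
      sig = $(NF-1)                     # signature is the field before FOUND
      sub(/^YARA\./, "", sig)
      sub(/\.UNOFFICIAL$/, "", sig)

      path = $0
      sub(/^.* -> /, "", path)          # drop the timestamp prefix
      sub(/: [^:]* FOUND$/, "", path)   # drop the signature suffix

      n = split(path, parts, "/")       # file name may contain spaces
      base = parts[n]
      ext = "(none)"
      if (match(base, /\.[^.]+$/)) ext = tolower(substr(base, RSTART + 1))

      count[sig " " ext]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Run against the constructed sample; replace with the real clamd log on stdin.
sample_log | yara_hit_summary
```

If every hit for a rule lands on one file type, as with the PDFs here, that points to a misfiring rule rather than a wave of malicious mail.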
