Hi, This is nothing new but I've had a few off-list emails regarding this, so thought I'd throw out to the list.
ArchiveBlockEncrypted (clamd.conf) or --block-encrypted=yes blocks encrypted zip/rar etc. archives which is fine... but it also blocked Encrypted PDF files.. Eg: readme.zip: Heuristics.Encrypted.Zip FOUND readme_enc_40bit.pdf: Heuristics.Encrypted.PDF FOUND readme_enc_aes_128bit.pdf: Heuristics.Encrypted.PDF FOUND Just to see how this has a knock-on issue: http://www.sophos.com/en-us/support/knowledgebase/2450/2800/4550/116206.aspx http://forum.proxmox.com/threads/7443-Virus-Info-Heuristics-Encrypted-PDF So, to let encrypted PDF's through you either have to: a) set ArchiveBlockEncrypted to off b) set ScanPDF to off c) I guess you could also create a local.ign file with: Heuristics.Encrypted.PDF as an entry to whitelist. Perhaps a better solution would be to modify clamd.conf setting: ArchiveBlockEncrypted yes: blocks zips/exes ONLY PDFBlockEncrypted yes: blocks PDFs ONLY **new option** clamscan --block-encrypted=yes should be zip/exes ONLY and a new option --block-encrypted-pdf=no should be added Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
