Our filtering proxy is hitting on the following URL: https://ardownload2.adobe.com/pub/adobe/reader/win/AcrobatDC/2200320263/AcroRdrDCUpd2200320263_MUI.msp *INFECTED* * *DENIED* Virus or bad content detected. Win.Ransomware.Razy-9978545-0
The strange thing is, if I run clamscan on the full file, it reports OK. But if I scan on a truncated version (say just the first 16MB) it reports as infected. Although I guess this is a result of it being larger than the maximum file scan size. I've reported the FP to the clamav.net website. clamav-0.103.7-1.el7.x86_64 -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane [email protected] Boulder, CO 80301 https://www.nwra.com/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
