HomeAboutMailing ListList Chatter /0/0

ClamAV false positive

2019-05-25 by: David White
From: David White 
Is anyone else having any issues with ClamAV false positives, identifying
some PDF documents as infected with: Win.Exploit.CVE_2019_0903-6966169-0

Looks like I'm not the only one:

I generated an invoice in Quickbooks, and tried to email it out, and my
server blocked it. I manually ran a scan to make sure:

[root@mail dwhite]# clamscan Invoice-5-25-2019.pdf
Invoice-5-25-2019.pdf: Win.Exploit.CVE_2019_0903-6966169-0 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6138219
Engine version: 0.101.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.05 MB
Data read: 0.09 MB (ratio 0.52:1)
Time: 28.143 sec (0 m 28 s)

So then I copied it over to my Ubuntu laptop, and ran a scan on there, and
it came back clean:

david@developcents-laptop:~/Desktop$ sudo clamscan Invoice-5-25-2019.pdf
[sudo] password for david:
Invoice-5-25-2019.pdf: OK

----------- SCAN SUMMARY -----------
Known viruses: 6138218
Engine version: 0.100.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.32 MB
Data read: 0.09 MB (ratio 3.57:1)
Time: 31.697 sec (0 m 31 s)

This is very weird...

David White