Results 1 to 5 of 5

Thread: [SOLVED] ClamAV false positive

  1. #1
    ryandball's Avatar
    ryandball is offline Senior Member
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    Default [SOLVED] ClamAV false positive

    Hi all, looking for an answer (not found yet via Google).

    We run 5.0.8_GA_2462 FOSS on Ubuntu 6.06 LTS (most likely going to get the commercial version of Zimbra, not sure yet). This morning our HR Manager tried to upload her encrypted 401(k) file to the 401(k) provider and ClamAV sent me a message stating that the file had a virus in it, then deleted her email. I had her try this twice to be sure. I scanned the same file myself with our corporate virus scanner (InoculanIT) and also submitted the file to Virustotal who scanned it with 36 virus scanners, and all came up clean so I think it's a false positive. What should I do, short of disabling AV altogether? Our firewall does provide AV scanning as well for the policy that handles email, so if I disabled ClamAV it would still be protected but I'd rather not of I can help it.

    Thanks in advance!

    Ryan

  2. #2
    Nox
    Nox is offline Active Member
    Join Date
    Jul 2008
    Location
    Michigan, USA
    Posts
    42
    Rep Power
    7

    Default

    I am experiencing this same problem. I think I have tracked it down to this option in clamav:

    "Block encrypted archives"

    As detailed here:

    stopping clamav detecting encrypted zip files

    ClamAV Antivirus


    However, I am not sure how to modify this option in the Zimbra packaged version of clamav. Any help is greatly appreciated as we send password protected zip files regularly.
    Last edited by Nox; 08-06-2008 at 06:51 AM.

  3. #3
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default

    Try checking in the Administration console. under Global Settings, AS/AV tab.

    There is a check box for this.

  4. #4
    ryandball's Avatar
    ryandball is offline Senior Member
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    Default Got it

    Yes I found that option and it fixed it, thanks!

  5. #5
    Nox
    Nox is offline Active Member
    Join Date
    Jul 2008
    Location
    Michigan, USA
    Posts
    42
    Rep Power
    7

    Default

    That was so simple I feel silly. Thank you!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. False Positive Spam debugging
    By gfreemankc in forum Administrators
    Replies: 0
    Last Post: 07-24-2008, 08:43 AM
  2. [SOLVED] Howto: Update ClamAV
    By unilogic in forum Administrators
    Replies: 9
    Last Post: 12-12-2007, 05:28 AM
  3. [SOLVED] Many false positive spam after 4.5.7 upgrade
    By deepblue in forum Administrators
    Replies: 8
    Last Post: 10-10-2007, 09:57 AM
  4. How to release false positive virus email?
    By fisch09 in forum Administrators
    Replies: 4
    Last Post: 09-14-2007, 05:51 AM
  5. startup page
    By sasha in forum Developers
    Replies: 5
    Last Post: 11-13-2006, 08:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •