19 January

ClamAV False positives on PDF files

Written by 


ClamAv is classifying emails with PDF attachments as SPAM for no reason, as logs report:


stream( Heuristics.Encrypted.PDF FOUND
stream( Heuristics.Encrypted.PDF FOUND
stream( PUA.OLE.EmbeddedPDF FOUND


The solution provided by the website virustotal.com is to tell ClamAV to skip the a PUA filter, in this case adding to the clam configuration file the following lines:


DetectPUA yes
ExcludePUA OLE.EmbeddedPDF
ArchiveBlockEncrypted no

Dont forget to restart the ClamAV service / daemon to load the new configuration.

Usefull Links

Virustotal link: https://www.virustotal.com/



Read 8793 times Last modified on Saturday, 05 November 2016 19:40
Rate this item
(0 votes)

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Latest Posts


João Vieira

Skype: jcv.pt

Email: info@joao-vieira.pt


This is my personal page, here you will find IT related, projects, discussions and reviews. Feel free to coment and leave your input.