Tuesday, January 12, 2010

ClamAV: Exploit.PDF-9669

SkyHi @ Tuesday, January 12, 2010
Exploit.PDF-9669 is detected by older versions of ClamAV.
Most HTML-encoded email received seems to match on older versions of ClamAV.
This appears to be a false positive on this signature.

Here is a temporary solution:

Edit the daily.hdb file:
vi /usr/share/clamav/daily.inc/daily.hdb

Comment out this line, as shown below:
#d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669

Then restart the service.

This solves the problem temporarily.
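
The signature's hash, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of empty input, and its size field is 0, so the entry can only match zero-length content. The shell sketch below is an added example, not part of the original post: it lists active .hdb entries of that kind and comments one out while keeping a backup. The function names and the sample lines other than the Exploit.PDF-9669 entry are constructed for illustration, and md5sum is assumed to be available.

```shell
#!/bin/sh
# MD5 of zero bytes of input; equals the hash on the Exploit.PDF-9669 line.
empty_md5() { printf '' | md5sum | awk '{print $1}'; }

# Print "lineno:name" for each active (uncommented) .hdb entry
# (format MD5:size:name) that can only match empty content:
# the hash is the empty-input MD5 or the size field is 0.
find_empty_sigs() {
    awk -F: -v empty="$(empty_md5)" '
        /^[ \t]*#/ || NF < 3 { next }   # skip comments and malformed lines
        tolower($1) == empty || $2 == "0" { print NR ":" $3 }
    ' "$1"
}

# Comment out one signature by name, keeping a .bak copy of the original.
disable_sig() {
    cp "$1" "$1.bak" &&
    awk -F: -v name="$2" '
        !/^#/ && $3 == name { print "#" $0; next }
        { print }
    ' "$1.bak" > "$1"
}

# Constructed sample database: only the first line is taken from the post.
demo_db() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669
0123456789abcdef0123456789abcdef:1024:Constructed.Sample-1
#d41d8cd98f00b204e9800998ecf8427e:0:Constructed.AlreadyDisabled
EOF
    echo "$f"
}

db=$(demo_db)
find_empty_sigs "$db"                  # lists the Exploit.PDF-9669 entry
disable_sig "$db" "Exploit.PDF-9669"
find_empty_sigs "$db"                  # lists nothing once it is commented out
rm -f "$db" "$db.bak"
```

To check the real database, run find_empty_sigs against /usr/share/clamav/daily.inc/daily.hdb.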

I got this solution from this thread:
http://www.gossamer-threads.com/lists/clamav/users/37880
The permanent solution is:

Update ClamAV to 0.95.3 and update your daily.inc or daily.cvd.

Reference: http://it.mamak.info/2010/01/exploit-pdf-9669/