Exploit.PDF-9669 was detected on older version of ClamAV.
Most HTML encoded email received seems to be matching on older version of ClamAV.
It seems to be a false positives matching on this signature.
Here is a temporary solution:
edit daily.hdb file
vi /usr/share/clamav/daily.inc/daily.hdb
comment this line as below
#d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669
and then restart the service
This problem will be solved for temporary.
I get this solution from this thread:
http://www.gossamer-threads.com/lists/clamav/users/37880
The permanant solution is
update your ClamAV to 0.95.3 and update your daily.inc or daily.cvd.
Reference: http://it.mamak.info/2010/01/exploit-pdf-9669/
Tuesday, January 12, 2010
Clamav: Exploit.PDF-9669
Category:
Amavisd-new ClamAv Spamassassin
— SkyHi @ Tuesday, January 12, 2010
