
Thread: [SOLVED] Every new message is flagged with Exploit.PDF-9669 - Nothing getting through

  1. #1
    Join Date
    Mar 2007
    Location
    Vancouver, Canada
    Posts
    34
    Rep Power
    8

    Default [SOLVED] Every new message is flagged with Exploit.PDF-9669 - Nothing getting through

    As of 3:30 this afternoon all messages started getting tagged with Exploit.PDF-9669 and quarantined. The server is 5.0.2_GA_1975.UBUNTU6. I ran some Google searches for that message, but no luck.

    Help.

  2. #2
    Join Date
    Dec 2005
    Posts
    9
    Rep Power
    9

    Default

    I'm actually having the same issue, but have not found a solution yet.

  3. #3
    Join Date
    Jul 2007
    Posts
    3
    Rep Power
    8

    Default

    I'm having the same issue, help!!!

  4. #4
    Join Date
    Jan 2010
    Posts
    1
    Rep Power
    5

    Default Exploit.PDF-9669

    We started at 3:30 PST as well - thought it was a server problem at first. After some digging, I found something that said that it had to do with HTML emails. After several attempts at emailing myself and getting the message:

    Attention! The message was sent with
    VIRUS: Exploit.PDF-9669

    I changed the email format from HTML to plain text and it went through.

    So, is it a local virus on the users' PCs? NOD32 doesn't seem to find it???

  5. #5
    Join Date
    Dec 2005
    Posts
    9
    Rep Power
    9

    Default

    Ok, I found the issue.
    Looks like it is related to clamav and I am guessing it's because of an update.
    I edited /opt/zimbra/data/clamav/db/daily.inc/daily.hdb and removed the third from the last line that reads d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669

    This so far has resolved my problem until the next freshclam update.
    Older versions of zimbra might have the file in /opt/zimbra/clamav/data/db/daily.inc/daily.hdb
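
The hash in the line quoted above, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of zero-length input, and its size field is 0, so in ClamAV's `hash:size:name` signature format the entry matches any empty object the scanner hashes. As an added example (not from the thread or from the ClamAV project), this Python check audits lines from a .hdb-style file for such entries; it goes beyond the thread's case by also recognising the SHA-1 and SHA-256 digests of empty input, and the function names and the two "Constructed" sample lines are assumptions made for illustration.

```python
import hashlib

# Digests of zero-length input. A hash signature carrying one of these
# matches every empty object, whatever name the signature has.
EMPTY_DIGESTS = {hashlib.new(alg, b"").hexdigest(): alg
                 for alg in ("md5", "sha1", "sha256")}


def parse_hash_sig(line):
    """Split one 'hash:size:name' record; return None if it has fewer than 3 fields."""
    parts = line.strip().split(":")
    if len(parts) < 3:
        return None
    return parts[0].lower(), parts[1], parts[2]


def audit_hash_db(lines):
    """Return (line_no, name, reason) for signatures that cannot discriminate files."""
    findings = []
    for line_no, raw in enumerate(lines, 1):
        rec = parse_hash_sig(raw)
        if rec is None:
            continue
        digest, size, name = rec
        if digest in EMPTY_DIGESTS:
            findings.append((line_no, name, f"{EMPTY_DIGESTS[digest]} of empty input"))
        elif size == "0":
            # A zero-length file always hashes to the empty digest, so this never matches.
            findings.append((line_no, name, "size 0 with a non-empty digest"))
    return findings


# Sample input: the second line is the one quoted in the thread; the other two
# are constructed here (their hashes are derived from placeholder strings).
SAMPLE = [
    hashlib.md5(b"constructed sample A").hexdigest() + ":20:Constructed.Sample-1",
    "d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669",
    hashlib.md5(b"constructed sample B").hexdigest() + ":0:Constructed.Sample-2",
]

if __name__ == "__main__":
    for line_no, name, reason in audit_hash_db(SAMPLE):
        print(f"line {line_no}: {name}: {reason}")
```

Running the same audit over a signature file before it reaches production scanners flags this class of entry without editing the database by hand.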

  6. #6
    Join Date
    Dec 2005
    Posts
    9
    Rep Power
    9

    Default

    Just a note that removing this will cause it not to match if there is a virus. In my case the false positive is worse than someone getting the virus.
    Just a warning, but this appears to be broken anyway so.....

  7. #7
    Join Date
    Jan 2010
    Location
    Planet Earth
    Posts
    3
    Rep Power
    5

    Default Looks like a false positive to me

    We have the same issue. When sending mail from Zimbra out to an external mail account neither our SPI firewall nor the AV filters at the receiving end are picking up anything. We've disabled the AV filter service in Zimbra and mail is now flowing as you'd expect.

  8. #8
    Join Date
    Dec 2005
    Posts
    9
    Rep Power
    9

    Default

    I posted 2 other posts, but they are not appearing.
    If they do, sorry for the duplicates.

    I found the issue to be with clamav, most likely due to an update.
    I edited /opt/zimbra/data/clamav/db/daily.inc/daily.hdb
    and removed the line d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669 which was third from the bottom.

    In older Zimbra installations it might be in /opt/zimbra/clamav/db/daily.inc/daily.hdb. You will need to restart zimbra or just the AV portion.

  9. #9
    Join Date
    Dec 2005
    Posts
    9
    Rep Power
    9

    Default

    Ok, well, that posted.
    Sorry for that; if someone could just merge them into one, that would be great. I tried several times to do a single response but they just disappeared.
    Hope that helps.

  10. #10
    Join Date
    Jan 2010
    Location
    Planet Earth
    Posts
    3
    Rep Power
    5

    Default Ask and you shall receive...

    Quote Originally Posted by omniplex View Post
    I will put it in parts.
    Edit the file "/opt/zimbra/data/clamav/db/daily.inc/daily.hdb". Was the third from the last line for me. Restart Zimbra.

    Quote Originally Posted by omniplex View Post
    The line you want to remove should read "d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669".
    Thanks Omniplex... I think I'm going to wait and see if the next update of CLAM is better. Somehow I've got a sinking feeling that if I fix this now, I'll just fix it again after the next update.
