It is a temporary correction as the permanent fix going to take sometime. We are actively working on this and will update this thread once permanent fix is available.
Just wanted to mention we also ran into this false positive and it took a couple production apps offline. I’ve since changed the signature to neither block nor report. Report only would have been fine except it causes a flood of alerts in the SOC. Easier to turn off reporting then having to modify the SIEM rule.
If that is the message you receive when you click on the attachment, please download and open the pdf and it should open just fine!