yes, version 184.108.40.206 has some really bad bugs...
Our appliance detected clean PDF Files as malware...also the GRANT Letter from McAfee *g*
Can you send me one of the samples? It would be interesting if my appliance has the same problem. If yes, we have a much more bigger Problem, because the behavior changes based on the used Analyzer VMs.... :-/
Just opened a case:
There seems to be a difference under ATD 4.0 if the PDF is scanned on a 32 or 64BIT VM machine!
For the PDF i have discovered that there is a DIFFERENCE If we scan on a W7 (32BIT or 64BIT vm). Both should have the Adobe Reader installed with same patches.
Both with same profile. But i have also one PDF the dxl_201_rn_0-00_en-us.pdf (Release Notes SXL 201 from Mcafee site) as exmaple which get CLEAN on both 32/64BIT VM's.
1/3 ATD 4.0 problems > Solved The PDF False/Positve has been solved for the ATD 4.0 with a new DETECTION package on 18.07.2017 for us. However the E-Mail Connector SCAN of PDF failure is still there.
A new RPM package has been released.
Please check the new RPM package, you should observe POP UP notification in UI for new detection pkg availability.
If it’s not there, please check ATD DNS is configured properly or not. After setting proper DNS notification should come within 1 hour.
If this fails to appear, then you can install th pkg from the CLI. The steps are below:
Go to McAfee downloads and download atd-detection package as shown below
Using ftp account atdadmin/atdadmin on port 22 transfer to file to ATD
Once transferred, log in to ATD CLI and connect with cliadmin account
Then run the following command:
# install package <nameOfThePackage.rpm>