On the 25th of may clamav released a signature database containing a virus signature that mistakenly flagged as virus many legit pdf files.
The name of the failing signature is Win.Exploit.CVE_2019_0903-6966169-0
On the 26th of May Libraesva released an override directive to all ESVA appliances to ignore this failing signature.
You can find and release these messages by following these steps:
1) Go to the Reports tab:
2) Enter a filter for the date range (form the 25th to now), then press Add:
3) Enter a filter for messages flagged as virus, then press Add:
4) Add a filter for virus reports containing Win.Exploit.CVE_2019_0903-6966169-0 then press Add:
5) On the right side of the page, you can see the results of this filter, click on “Message operations”:
6) From this page you can see all the messages that have been blocked for this virus rule. Select the messages that you want to release by checking the checkboxes and then press “Rescan”. Messages will be checked again against the virus and spam rules before release:
Sorry for the inconvenience.
The Libraesva Support Team