From d1127cfcd4b549542412954f7aca09a62f2f4fa0 Mon Sep 17 00:00:00 2001
From: Maksim Sukharev <antreesy.web@gmail.com>
Date: Thu, 7 May 2026 18:53:46 +0200
Subject: [PATCH] feat(antivirus): extend documentation on ClamAV limitations
 with encrypted files

Signed-off-by: Maksim Sukharev <antreesy.web@gmail.com>
---
 .../antivirus_configuration.rst                     | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/admin_manual/configuration_server/antivirus_configuration.rst b/admin_manual/configuration_server/antivirus_configuration.rst
index ff9871aa3fa..de5675dbec1 100644
--- a/admin_manual/configuration_server/antivirus_configuration.rst
+++ b/admin_manual/configuration_server/antivirus_configuration.rst
@@ -178,6 +178,19 @@ https://www.eicar.org/download-anti-malware-testfile/
 Uploading the file will trigger an error:
    "Virus Win.Test.EICAR_HDB-1 is detected in the file. Upload cannot be completed."
 
+Encrypted File Detection Limitations with ClamAV
+------------------------------------------------
+
+By default, ClamAV may still return "OK" for password-protected archives and encrypted files.
+This known ClamAV behavior bypasses "Block unscannable files" option of Antivirus app.
+You may configure additional alert options in ``clamd.conf``, that should catch it:
+
+* ``AlertEncryptedArchive`` - Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, .rar).
+* ``AlertEncryptedDoc`` - Alert on encrypted archives with heuristic signature (encrypted .pdf).
+* ``AlertEncrypted`` - Alert on both encrypted archives and documents with heuristic signature.
+
+For reliable detection and blocking of encrypted files, consult available antivirus backends documentation.
+
 Manage the background scanner
 -----------------------------