[clamav-users] clamscan and PUA
Mark Price
mprice at tqhosting.com
Thu Sep 4 16:28:08 UTC 2014
Hi Doug,
On Thu, Sep 4, 2014 at 11:54 AM, Douglas Goddard <dgoddard at sourcefire.com>
wrote:
> Thank you for catching that. PUA is not supported for this signature type,
> I will drop the signature and rename it to avoid the confusion of the
> incorrect PUA label. You'll need to whitelist the new name when that
> appears in a next day or so.
>
Ok, thanks for looking into it and responding quickly.
The txt file example I used in my example was a Maildir message file with a
double-extension filename MIME attachment (blah.JPG.zip) so it is not too
much of a false positive.
But, this signature type is picking up other stuff that is a false positive
to us, such as a file named: chartfx70.desktop.jar - to me, that fits the
definition of a "potentially unwanted" vs confirmed malware/virus, so we'll
whitelist as you mentioned once we find the new signature name.
Mark
More information about the clamav-users
mailing list