[clamav-users] PUA.Misc.DoubleExtension-zippwd-4 false positive
Douglas Goddard
dgoddard at sourcefire.com
Thu Sep 4 21:51:05 UTC 2014
This signature is in the process of being dropped. The signature is a ZMD
and PUA is not supported for this type. Once it is dropped it will be
re-published under a non PUA name.
If you would still like to ignore these alerts you can add the new
signatures' names to a whitelist.ign file in your ClamAV virus db folder
once they are published - this will disable the signature from alerting on
your system.
The drop should go through some time tonight and the signature will be
republished under a different name tomorrow or Monday.
Sorry for the inconvenience,
Douglas
On Thu, Sep 4, 2014 at 5:24 PM, Ted Gilchrist <egilchri at gmail.com> wrote:
> I started receiving this virus warning, and I think it's a false alarm. I
> read that I could use clamscan --detect-pua=no to have clamscan ignore such
> PUA warnings, but that didn't work.
>
> How should I proceed? I notice that this virus definition just got added
> yesterday (http://blog.gmane.org/gmane.comp.security.virus.clamav.virusdb)
>
> This message comes up for certain jar files.
>
> Thanks.
>
> --
> "Speech, not just for humans"
>
> http://www.google.com/profiles/egilchri
> about.me/ted.gilchrist
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list