[clamav-users] Is there a PUA warnings Database for ClamScan - Looking up PUA for Webmin

Al Varnell alvarnell at mac.com
Wed Aug 12 02:23:36 EDT 2015


I may be totally misunderstanding your question, but I’ll tell you what I know and perhaps somebody from ClamAV will have a better answer for you later.

In general, all False Positive should be reported using the “Report False Positive” page:
<http://www.clamav.net/report/report-fp.html>.

I know there was a period of time when PUA could not be submitted, but I don’t see any such restrictions at the moment.

As you can imagine, PUA FP’s are often in the eyes of the beholder.  For instance, if the signature was meant to identify a parental control application that can be used to track user activity, but instead it identifies a word processor application, then it’s clearly an FP.  If it identifies a web site that is able to access clipboard data from IE 7 through 11, then it’s PUA, whether intentional or not.

Again, in general, there is no public information available on an infection to be “looked up”.  The signature writer might have something in their notes about it, but that’s as far as it ever goes.  So I don’t know what you want to look up, but you have already looked in all the right places (Google and VirusTotal).

If you are interested in knowing what the signature looks like, then you can look it up at:
<http://clamav-du.securesites.net/cgi-bin/clamgrok>
or use 
sigtool --find [infectionname]

and if it’s decodable 
sigtool —find [infectionname] | signal —decode-sig

-Al-


On Tue, Aug 11, 2015 at 08:52 PM, shane at virusbusters.co.nz wrote:
> 
> is there a place that common false positives can be either registered or looked up?



More information about the clamav-users mailing list