[clamav-users] PUA and file descriptions
Steven Pine
steven at serioustech.net
Thu May 28 13:56:43 UTC 2015
Hi,
In a mostly OS X environment running gruntworks on client machines, clamav scans are finding things like ‘hacktool.crack.someprogram’. Would this be considered a PUA by the clamav team or is it just a naming convention for something more malicious? More generally is there anywhere I could search the tagged names and get a one line description of what clamav found. For example another scan found ‘W97M.Thus.A’ and a quick google search gives a symantec writeup: "W97M.Thus.A is a simple macro virus that infects Word 97 documents. It has a payload that triggers on December 13th which will try to delete all files and subdirectories from the root of the C: drive. This virus will also disable the macro virus protection in Word 97.”
Does clamav maintain anything similar?
Thanks for any help, and thanks for the great tool!
Steven
More information about the clamav-users
mailing list