[clamav-users] PUA.Script.PDF.EmbeddedJS-1

aklist aklist_eims at enigmedia.com
Tue Sep 1 22:01:54 EDT 2015


On 9/1/2015 8:28 PM, Al Varnell wrote:
> Let me start by saying that I don’t recall an engine update ever flagging fewer files as infected.  If anything, they would enable even more signatures to identify more files, so I’m confident that PUA.Script.PDF.EmbeddedJS-1 would work exactly the same with today’s engine.
>
> But more important is the conclusion that this is a False Positive.  Potentially Unwanted Application / Process (PUA/PUP) detections are almost never False Positives (although I did verify one once a few years ago).  In this case the signature would appear to have identified a PDF document that contains JavaScript.  That’s all it’s warning you about.  If that’s what you expected from this document then ignore it and get on with your work.  If you are surprised by such a thing, then perhaps you should take another look at it to see what it does and if it could be malicious.
>
> Of course, chances are extremely high that even a malicious JavaScript would be Windows-based and no threat to a Mac, but that’s probably beside the point.

Thanks Al for that information. The machine that detected it is a 
mailserver, and the final recipient would have been a Windows machine.

The only references to it being a false positive are several years old, 
and since this version of ClamAV is from a similar "vintage" I wanted to 
make sure that the signature hadn't been deemed "not a threat" in later 
versions of ClamAV.

> -Al-
>
> On Tue, Sep 01, 2015 at 03:37 PM, aklist wrote:
>>
>> Hi All: A PDF attachment to an email was scanned by ClamAV and found to have the following virus: PUA.Script.PDF.EmbeddedJS-1
>>
>> I googled around on this and found some reports that it's a false positive. I'm still running 0.96.1 on MacOS 10.6.8, and I realize that it is out of date, but I was curious if later versions of ClamAV would also flag this virus?
>>
>>
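A first-pass way to "take another look" at a PDF flagged for embedded JavaScript, as an added example that is not part of the original messages and is not ClamAV code or its signature logic. The keyword list, the verdict labels and the sample bytes are assumptions constructed for this illustration.

```python
import re

# PDF name tokens worth reviewing during triage (list chosen for this example).
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/ObjStm")

# A PDF name: "/" followed by anything that is not whitespace or a delimiter.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r \[\]()<>{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes in a PDF name, so /J#53 is reported as /JS."""
    decoded = _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def count_keywords(data: bytes) -> dict:
    """Count keyword names in the raw bytes (heuristic: no object parsing)."""
    counts = {k: 0 for k in KEYWORDS}
    for match in _NAME.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def triage(data: bytes) -> str:
    """Map keyword counts to a coarse label for a human reviewer."""
    c = count_keywords(data)
    has_js = c["/JS"] or c["/JavaScript"]
    if has_js and (c["/OpenAction"] or c["/AA"] or c["/Launch"]):
        return "javascript-with-auto-action"
    if has_js:
        return "javascript-present"
    if c["/ObjStm"]:
        # Compressed object streams can hold objects this scan cannot see.
        return "inconclusive-compressed-objects"
    return "no-javascript-names-found"


# Constructed sample: a fragment with an open action and an escaped /JS name.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /JavaScript /J#53 (app.alert('hi');) >> endobj\n")

if __name__ == "__main__":
    print(count_keywords(SAMPLE), triage(SAMPLE))
```

A result other than "no-javascript-names-found" only says where to look next; the script body itself still has to be extracted and read before deciding whether the attachment is safe to deliver.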



