[clamav-users] Frequent PUA.Win.Trojan.EmbeddedPDF-1 false positives

Alex mysqlstudent at gmail.com
Wed Jun 29 13:53:23 UTC 2016


Hi,

It appears lately there are quite a few PUA.Win.Trojan.EmbeddedPDF-1
false positives. Scanning these messages manually shortly after
they're quarantined doesn't find the same virus sig. In fact, many
times it doesn't specifically include a PDF, but instead a docx file.

I was just wondering if there's something I should know about this
particular signature?

Should I be able to scan a quarantined message in its entirety to
determine if it has a virus? Or do I need to split out the individual
doc/pdf components before scanning? I've done both, but was just
curious if it was necessary to save the individual attachments before
scanning.

I can't easily send a sample, but I'd appreciate any help you may have to offer.

Thanks,
Alex


