[clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives
Eric Tykwinski
eric-list at truenet.com
Fri Nov 17 18:01:21 UTC 2017
PUA's tend to have a lot of false positives due to them being Potential.
I wouldn't recommend using them unless you really need a strict scan with
the ability to whitelist when needed.
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On
> Behalf Of Alex
> Sent: Friday, November 17, 2017 12:44 PM
> To: ClamAV users ML
> Subject: [clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives
>
> Hi,
>
> We're seeing a large number of false-positives with the above rule. Is
> it particularly prone to false-positives? Would someone explain how it
> works?
>
> What's perhaps even more strange is that scanning the email again (or
> the files within the email) don't produce the same false-positives.
>
> Was there a period where this pattern had a problem and has now been
> corrected?
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list