[clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 and PUA.Pdf.Trojan.EmbeddedJavaScript-1
Mark Foley
mfoley at novatec-inc.com
Fri Oct 27 04:15:02 UTC 2017
You are right! I disabled the ign2 file containing a couple of bytecode
signatures generating false positives (to see if they were fixed), but I didn't
notice that I also had these two 'trojan' signatures in the same file.
I've re-enabled the PUA.*Trojan* signatures in the ign2 file and my notices have
stopped.
The bytecode signatures appear to be fixed as they are no longer in the ign2
file, but are generating no notices.
BC.Pdf.Exploit.CVE_2017_2862-6331914-0
BC.Pdf.Exploit.CVE_2017_3032-6316401-6
THX -- Mark
On Wed, 25 Oct 2017 15:17:57 -0700 Al Varnell <alvarnell at mac.com> wrote:
>
> We discussed these same two last December: Usage questions on local.ign2
> <http://lists.clamav.net/pipermail/clamav-users/2016-December/003938.html>
>
> -Al-
>
> On Wed, Oct 25, 2017 at 08:33 AM, Mark Foley wrote:
> > Today I got clamscan notices for PUA.Pdf.Trojan.EmbeddedJavaScript-1 and
> > PUA.Win.Trojan.EmbeddedPDF-1 on over 100 old email files that have been out
> > there for years.
> >
> > Are these false positives?
> >
> > --Mark