[clamav-users] Is Doc.Packed available as PUA category?
本多 俊之
t_honda at dreamarts.co.jp
Thu Jan 14 13:00:04 UTC 2021
Hi G.W. Haywood,
Thank you for your reply.
> > I added the following line to clamd.conf to avoid the error, but it didn't work.
> > "ExcludePUA Packed"
> >
> So I changed the category to "Doc.Packed" and the error no longer occurs.
> "ExcludePUA Doc.Packed"
>
> Are you sure that you want to do that? Password-protected compressed
> malicious mail is one of the most common issues which I see at present.
> It is good practice to scan sent mail, but if you are sending the mail
> then presumably you will have ways of preventing a scan from rejecting
> your own mail other than disabling the scanner for all mail.
Password-protected excels are commonly used in our customers.
I want to avoid them being identified as viruses.
If there is a category that is more suitable for password Excel than Doc.Packed, I want to exclude it.
Is there a description for Doc.Packed somewhere?
> Try something like this:
>
> $ grep -a '^PUA' .../daily.cld | cut -d'.' -f 1,2,3 | sort | uniq
>
> It might not be a complete list but it will be a start.
I confirmed more categories are included in the list than ones in the document.
Best regards,
Toshiyuki Honda
More information about the clamav-users
mailing list