[clamav-users] Pdf.Phishing.CWS4c384287-9890237-0
eric-list at truenet.com
Fri Sep 10 16:42:36 UTC 2021
Dan,
You can use sigtool:
# sigtool --find-sigs Pdf.Phishing.CWS4c384287-9890237-0 | sigtool --decode-sigs
Looks like a cmap definition, so a definition of character sets to Unicode.
Could definitely be a false positive; send samples to
https://www.clamav.net/reports/fp
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of Dan Jaap via clamav-users
Sent: Friday, September 10, 2021 12:31 PM
To: clamav-users at lists.clamav.net
Cc: Dan Jaap <djaap at flclerks.com>
Subject: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0
Can someone explain what the classification
"Pdf.Phishing.CWS4c384287-9890237-0" means? I assume it has something to do
with a link found in a document. However, we've had several of these lately
and I can't see anything wrong with the documents. We're using clamav with
OPSWAT Metadefender, integrated into a Web site. Each document that is
uploaded is scanned by the platform and clamav is the only engine finding
problems with the documents in question. I have already submitted a sample
document as a false positive, but have not heard back yet. I was hoping to
get more info here as to what "Pdf.Phishing.CWS4c384287-9890237-0" means.
Here are some details for our clamav environment:
VERSION: 0.102.4-810
DATABASE VERSION: 1631145600
DEFINITION UPDATES: Up to date (up to date )
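
Added example, not part of the original thread and not ClamAV's own code: the kind of decoding that `sigtool --decode-sigs` performs on a logical (.ldb) signature, which is what lets an administrator see the bytes a detection matched on when judging a false positive. The sample line is constructed and is not the real Pdf.Phishing.CWS4c384287-9890237-0 signature; the function names are assumptions, and only hex-pattern subsignatures are handled (no PCRE or other subsignature types).

```python
import re

# Constructed sample in the logical-signature (.ldb) layout:
#   Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...
# It is NOT the real Pdf.Phishing.CWS4c384287-9890237-0 signature.
SAMPLE_LDB = ("Pdf.Example.Constructed-0;Engine:51-255,Target:10;0&1;"
              "626567696e636d6170;656e64636d6170*2f546f556e69636f6465")

# A few of ClamAV's target-type numbers (10 is PDF).
TARGETS = {"0": "any", "1": "PE", "3": "HTML", "4": "mail", "10": "PDF"}

# {n-m} gaps, (a|b) alternations, '*', then two-character units:
# a hex byte, '??' or a nibble wildcard such as 'a?'.
TOKEN = re.compile(r"\{[^}]*\}|\([^)]*\)|\*|[0-9a-fA-F?]{2}")


def decode_body(body):
    """Render hex bytes as text and keep wildcards visible as <...>."""
    out = []
    for tok in TOKEN.findall(body):
        if re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            b = int(tok, 16)
            out.append(chr(b) if 0x20 <= b <= 0x7E else "\\x%02x" % b)
        else:
            out.append("<" + tok + ">")
    return "".join(out)


def decode_ldb(line):
    """Split one .ldb line and decode each hex subsignature."""
    name, tdb, logic, *subsigs = line.strip().split(";")
    attrs = dict(kv.split(":", 1) for kv in tdb.split(","))
    decoded = []
    for sub in subsigs:
        body, _, mods = sub.partition("::")         # trailing modifiers, e.g. ::i
        offset, _, pattern = body.rpartition(":")   # optional "offset:" prefix
        decoded.append({"offset": offset or "*",    # "*" means any offset
                        "modifiers": mods,
                        "text": decode_body(pattern)})
    target = attrs.get("Target")
    return {"name": name, "target": TARGETS.get(target, target),
            "logic": logic, "subsigs": decoded}


if __name__ == "__main__":
    sig = decode_ldb(SAMPLE_LDB)
    print(sig["name"], "| target:", sig["target"], "| logic:", sig["logic"])
    for i, sub in enumerate(sig["subsigs"]):
        print("  subsig %d @%s: %s" % (i, sub["offset"], sub["text"]))
```

A logical expression of `0&1` means both subsignatures must match, so any PDF that merely embeds the matched strings triggers the detection.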