[clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?
Andy_Schmidt at HM-Software.com
Sat Nov 19 16:07:55 UTC 2022
Dear Arnaud,
Unfortunately, while specifying "Win.Packer" or even "PUA.Win.Packer" will APPEAR to work, the program logic in ExcludePUA is completely faulty (almost arbitrary).
Yes, it WILL exclude those two - but the problem is, it will exclude GENERICALLY EVERYTHING ELSE (e.g., ALL "Win" or ALL "PUA") - in which case you might as well turn off the entire PUA feature!
I finally remembered that I had been down this exact rabbit hole years ago - and found this bug report:
https://bugzilla.clamav.net/show_bug.cgi?id=12632#c5
It seems the entire PUA feature is a step-child - by now, not even the config sample and documentation are current. Maybe it's time to pull the plug on it, if no one is taking ownership of making it work?
(Yes, I realize the answer is to just "contribute" the fixes myself - but that assumes that every ClamAV user is also a C++ programmer, which I am not.)
Best Regards,
Andy
-----Original Message-----
From: Arnaud Jacques <webmaster at securiteinfo.com>
Sent: Friday, November 18, 2022 11:33 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category?
Hello Andy,
> My config file already excludes:
>
> ExcludePUA Packed
>
> ExcludePUA Downloader
>
> And adding “Packer” (and restarting ClamD) will NOT exclude the above
> “Packer” !?
Should work:
ExcludePUA PUA.Win.Packer.BorlandCpp-8
ExcludePUA PUA.Win.Packer.BorlandDelphi-12
--
Best regards,
Arnaud Jacques
Manager of SecuriteInfo.com
Telephone: +33-(0)3.60.47.09.81
E-mail: aj at securiteinfo.com
Website: https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Writing signatures for ClamAV antivirus since 2006