Can someone explain what the classification “Pdf.Phishing.CWS4c384287-9890237-0” means? I assume it has something to do with a link found in a document. However, we’ve had several of these lately and I can’t see anything wrong with the documents. We’re using ClamAV with OPSWAT Metadefender, integrated into a Web site. Each document that is uploaded is scanned by the platform and ClamAV is the only engine finding problems with the documents in question. I have already submitted a sample document as a false positive, but have not heard back yet. I was hoping to get more info here as to what “Pdf.Phishing.CWS4c384287-9890237-0” means.

 

Here are some details for our clamav environment:

VERSION: 0.102.4-810

DATABASE VERSION: 1631145600

DEFINITION UPDATES: Up to date