A "PUA" is a "potentially unwanted application", not necessarily malicious. You can disable PUA checks by ensuring that your clamd configuration has "DetectPUA" set to no.
For reference, the signature is looking for bitwise math on CharCodeAt() operations in HTML files.
VIRUS NAME: PUA.Win.Trojan.Xored-1
TARGET TYPE: HTML
OFFSET: *
DECODED SIGNATURE:
charcodeat({WILDCARD_ANY_STRING(LENGTH<=5)})^
I created a bogus test file that matches the signature and, with default configuration settings, it is not detected. But when I force PUA detection to be on, it is detected.
lothlorien:~$ clamscan test.html
Loading: 6s, ETA: 0s [========================>] 8.62M/8.62M sigs
Compiling: 2s, ETA: 0s [========================>] 41/41 tasks
~/test.html: OK
----------- SCAN SUMMARY -----------
Known viruses: 8622174
Engine version: 0.105.0
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.865 sec (0 m 9 s)
Start Date: 2022:07:15 16:31:01
End Date: 2022:07:15 16:31:11
lothlorien:~$ clamscan --detect-pua=yes test.html
Loading: 6s, ETA: 0s [========================>] 8.64M/8.64M sigs
Compiling: 2s, ETA: 0s [========================>] 41/41 tasks
~/test.html: PUA.Win.Trojan.Xored-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8637594
Engine version: 0.105.0
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.614 sec (0 m 9 s)
Start Date: 2022:07:15 16:31:17
End Date: 2022:07:15 16:31:26
--Maarten