> Could anyone knowledgeable comment?

I've knocked something quickly together, it won't be 100% accurate and is very vague, but it might give you a few pointers:

Vague Outline
-------------

PUA is a potentially unwanted application

Sub-Type: RAT is Remote Access Trojans
Description: tools used to remotely access systems but can be used by system admins, for example VNC or RAdmin
Example: PUA.RAT.RAdmin-16 could be RAdmin
Example: PUA.RAT.VNC-7 would be VNC
Windows Example: Scanning a *genuine* UltraVnc gives this:
C:\Program Files\UltraVNC\vnchooks.dll: PUA.RAT.VNC-21 FOUND

Sub-Type: PwTool is Password Tool
Description: Tools used to recover/find passwords. Can be useful for system admins.
Example: PUA.PwTool.DialupPass-8

Sub-Type: NetTool
Description: General network LAN/WAN tools, for example ip scanning, port scanners, Netcat etc.
Example: PUA.NetTool.Angryscan-2

Sub-Type: Tool
Description: General system tools, process killers/finders
Example: PUA.Tool.PsKill-2

Sub-Type: Spy
Description: Keyloggers, spying tools
Example: PUA.Spy.DigitalX

Sub-Type: Server
Description: Server based "badware"
Example: PUA.Server.DistributedNet

Sub-Type: Script
Description: Known "problem" scripts (Javascript/ActiveX etc.)
Example: PUA.Script.Packed-1

Sub-Type: Packed
Description: Known "bad" packers/tools which can be used to hide malware or make debugging difficult
Example: PUA.Packed.NPack-3

Sub-Type: IRC
Description: IRC server based programs/malware
Example: PUA.IRC.Mechbot

Hope that helps,

Cheers,

Steve
Sanesecurity
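
The naming scheme in the outline above lends itself to triage: since some PUA hits are legitimate admin tools (the genuine UltraVNC case), grouping scan results by sub-type shows what needs review. This is an added example, not part of the original message and not ClamAV code; the function names, the sample lines other than the UltraVNC one, and the `Example.NonPUA.Signature-1` placeholder are assumptions.

```python
import re
from collections import defaultdict

# Sub-type meanings as given in the outline above (wording shortened).
PUA_SUBTYPES = {
    "RAT": "remote access tool (e.g. VNC, RAdmin)",
    "PwTool": "password recovery tool",
    "NetTool": "network tool (IP/port scanner, Netcat)",
    "Tool": "general system tool",
    "Spy": "keylogger / spying tool",
    "Server": "server-based badware",
    "Script": "known problem script",
    "Packed": "known bad packer",
    "IRC": "IRC server based program",
}

# "<path>: <signature> FOUND"; greedy path so a Windows drive path splits at the last ": ".
LINE_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
# PUA.<SubType>.<Name>[-<revision>]; the revision is absent in e.g. PUA.Spy.DigitalX.
SIG_RE = re.compile(r"^PUA\.(?P<sub>[^.]+)\.(?P<name>.+?)(?:-(?P<rev>\d+))?$")

def parse_pua_line(line):
    """Return (path, subtype, name, revision) for a PUA hit, else None."""
    hit = LINE_RE.match(line.strip())
    sig = SIG_RE.match(hit["sig"]) if hit else None
    if not sig:
        return None  # clean file, non-PUA detection, or unrelated output
    rev = int(sig["rev"]) if sig["rev"] else None
    return hit["path"], sig["sub"], sig["name"], rev

def group_by_subtype(scan_output):
    """Map each PUA sub-type to the (path, name, revision) hits reported for it."""
    groups = defaultdict(list)
    for line in scan_output.splitlines():
        parsed = parse_pua_line(line)
        if parsed:
            path, sub, name, rev = parsed
            groups[sub].append((path, name, rev))
    return dict(groups)

# Constructed sample; only the UltraVNC line is taken from the message above.
SAMPLE = r"""C:\Program Files\UltraVNC\vnchooks.dll: PUA.RAT.VNC-21 FOUND
C:\tools\pskill.exe: PUA.Tool.PsKill-2 FOUND
C:\tools\readme.txt: OK
C:\temp\logger.exe: PUA.Spy.DigitalX FOUND
C:\temp\sample.bin: Example.NonPUA.Signature-1 FOUND"""

if __name__ == "__main__":
    for sub, hits in group_by_subtype(SAMPLE).items():
        print(sub, "-", PUA_SUBTYPES.get(sub, "not in the outline"))
        for path, name, rev in hits:
            print("   ", path, name, rev)
```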