On Apr 30, 2011, at 6:19 PM, Noel Jones wrote: > On 4/30/2011 3:57 PM, Gary Roach wrote: >> While I received an email saying that this problem was fixed, >> as of today (30 April) I still have the same problem. The list >> just keeps getting longer and longer. I am now getting over 60 >> hits. >> I am using the Debian Squeeze distribution and it is up to >> date. Any suggestions? > > The PUA detections are by definition not a virus, but rather informative to > alert the admin about "Potentially Unwanted Applications" that may need > further investigation. I would suggest either turning PUA detection back off > or whitelisting the offending signature. > > PUA detection is turned off by default. To turn it back off edit your > clamd.conf and find the line > DetectPUA yes > and change it to no, then restart clamd. > > Whitelisting is easy. In your clam DatabaseDirectory (as listed in > clamd.conf) create a file named local.ign2 with the contents > PUA.PDF.OpenActionObject > and the restart clamd.
I would add to that, please double check that they are in fact, false positives. PUA, at Noel said, are "Potentially Unwanted Applications". I've seen many many PDF attacks caught with this method. Joel _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
