The key word in "PUA" is "potentially". These are indicators that something may be malicious.
Joel On May 30, 2011, at 2:51 PM, Robert Schetterer wrote: > Am 30.05.2011 19:55, schrieb cas...@gmail.com: >> Hi, >> >> Today I got our third PUA.* false positive. >> (PUA.Script.PDF.EmbeddedJS) >> (PUA.OLE.EmbeddedPDF) >> (PUA.OLE.EmbeddedPDF) >> >> Hashs identified by clamscan --detect-pua --debug are now in our local.ign2. >> >> E-mail attached files were identified as virus but, when tested with another >> antivirus, nothing were detected. >> >> Files are confidencial, so, we can't share them. >> >> We are using ClamAV 0.97, with freshclam. >> >> >> Are more people getting this behaviour? >> >> >> Thank you. >> >> Best regards, >> >> Cássio >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >> http://www.clamav.net/support/ml > > yes i confirm false positives > with PUA.Script.PDF.EmbeddedJS > i disabled pua > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
