I may be totally misunderstanding your question, but I’ll tell you what I know and perhaps somebody from ClamAV will have a better answer for you later.
In general, all False Positive should be reported using the “Report False Positive” page: <http://www.clamav.net/report/report-fp.html>. I know there was a period of time when PUA could not be submitted, but I don’t see any such restrictions at the moment. As you can imagine, PUA FP’s are often in the eyes of the beholder. For instance, if the signature was meant to identify a parental control application that can be used to track user activity, but instead it identifies a word processor application, then it’s clearly an FP. If it identifies a web site that is able to access clipboard data from IE 7 through 11, then it’s PUA, whether intentional or not. Again, in general, there is no public information available on an infection to be “looked up”. The signature writer might have something in their notes about it, but that’s as far as it ever goes. So I don’t know what you want to look up, but you have already looked in all the right places (Google and VirusTotal). If you are interested in knowing what the signature looks like, then you can look it up at: <http://clamav-du.securesites.net/cgi-bin/clamgrok> or use sigtool --find [infectionname] and if it’s decodable sigtool —find [infectionname] | signal —decode-sig -Al- On Tue, Aug 11, 2015 at 08:52 PM, sh...@virusbusters.co.nz wrote: > > is there a place that common false positives can be either registered or > looked up? _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
