Hi there, On Thu, 14 Jan 2021, 本多 俊之 wrote:
I got an error due to clamav scanning when sending an Excel document where a password is set. The error was as follows: "wWDZCZvPwM-1.dat: PUA.Doc.Packed.EncryptedDoc-6563700-0 FOUND"
That is not an error. That is ClamAV correctly doing what it is supposed to do.
I added the following line to clamd.conf to avoid the error, but it didn't work. "ExcludePUA Packed" So I changed the category to "Doc.Packed" and the error no longer occurs. "ExcludePUA Doc.Packed"
Are you sure that you want to do that? Password-protected compressed malicious mail is one of the most common issues which I see at present. It is good practice to scan sent mail, but if you are sending the mail then presumably you will have ways of preventing a scan from rejecting your own mail other than disabling the scanner for all mail.
I cannot find "Doc.Packed" in the official PUA categories: https://www.clamav.net/documents/potentially-unwanted-applications-pua Could you please let me know what is "Doc.Packed" category and whether it is available?
The documentation appears to me to be either misleading or out of date. Try something like this: $ grep -a '^PUA' .../daily.cld | cut -d'.' -f 1,2,3 | sort | uniq It might not be a complete list but it will be a start. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
