Dan,

 

You can use sigtool:

#sigtool --find-sigs Pdf.Phishing.CWS4c384287-9890237-0 | sigtool --decode-sigs

 

Looks like a cmap definition, so a definition of character sets to Unicode.

Could definitely be a false positive; send samples to
https://www.clamav.net/reports/fp

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 

From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Dan
Jaap via clamav-users
Sent: Friday, September 10, 2021 12:31 PM
To: clamav-users@lists.clamav.net
Cc: Dan Jaap <dj...@flclerks.com>
Subject: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0

 

Can someone explain what the classification
"Pdf.Phishing.CWS4c384287-9890237-0" means?  I assume it has something to do
with a link found in a document.  However, we've had several of these lately
and I can't see anything wrong with the documents.  We're using clamav with
OPSWAT Metadefender, integrated into a Web site.  Each document that is
uploaded is scanned by the platform and clamav is the only engine finding
problems with the documents in question.  I have already submitted a sample
document as a false positive, but have not heard back yet.  I was hoping to
get more info here as to what "Pdf.Phishing.CWS4c384287-9890237-0" means.

 

Here are some details for our clamav environment:

VERSION: 0.102.4-810
DATABASE VERSION: 1631145600
DEFINITION UPDATES: Up to date (up to date )

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
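
Added example, not part of the original thread and not ClamAV project code: a sketch of the kind of decoding that sigtool --decode-sigs performs, so the matched content (here a cmap block) becomes readable when triaging a suspected false positive. It assumes the extended body-signature layout Name:TargetType:Offset:HexSignature and a "[database] " prefix on --find-sigs output; the sample line and its signature name are constructed, and the thread does not show which layout the real signature uses.

```python
import re

# Target type numbers as listed in the ClamAV signature documentation.
TARGETS = {0: "any file", 1: "PE", 2: "OLE2", 3: "HTML", 4: "mail",
           5: "graphics", 6: "ELF", 7: "normalized ASCII text",
           9: "Mach-O", 10: "PDF", 11: "Flash", 12: "Java class"}

# One token of a hex body: "*", "{n-m}" gap, "(aa|bb)" alternation, or a byte
# written as two hex digits where "?" stands for a wildcard nibble.
TOKEN = re.compile(r"\*|\{[0-9-]+\}|\([0-9a-fA-F|?]+\)|[0-9a-fA-F?]{2}")
LITERAL = re.compile(r"[0-9a-fA-F]{2}")

def decode_body(hexsig):
    """Split a hex body into ("TEXT", str) and ("WILDCARD", token) parts."""
    parts, literal, pos = [], bytearray(), 0
    def flush():
        if literal:
            parts.append(("TEXT", literal.decode("latin-1")))
            literal.clear()
    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if not m:
            raise ValueError(f"unparsable signature body at offset {pos}")
        tok, pos = m.group(), m.end()
        if LITERAL.fullmatch(tok):
            literal.append(int(tok, 16))      # plain byte: collect as text
        else:
            flush()
            parts.append(("WILDCARD", tok))   # keep wildcard syntax visible
    flush()
    return parts

def parse_body_sig(line):
    """Parse one Name:TargetType:Offset:HexSignature line."""
    line = re.sub(r"^\[[^\]]+\]\s*", "", line.strip())  # assumed "[db] " prefix
    name, target, offset, body = line.split(":")[:4]
    return {"name": name, "target": TARGETS.get(int(target), "unknown"),
            "offset": offset, "parts": decode_body(body)}

# Constructed sample (not a real ClamAV signature): "begincmap", a gap of up
# to 64 bytes, then "endcmap", anywhere in a PDF.
SAMPLE = ("[example.ndb] Pdf.Constructed.Example-0:10:*:"
          "626567696e636d6170{-64}656e64636d6170")

if __name__ == "__main__":
    sig = parse_body_sig(SAMPLE)
    print(sig["name"], "| target:", sig["target"], "| offset:", sig["offset"])
    for kind, value in sig["parts"]:
        print(f"  {kind:8} {value!r}")
```
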
