Dan,
You can use sigtool:

    #sigtool --find-sigs Pdf.Phishing.CWS4c384287-9890237-0 | sigtool --decode-sigs

Looks like a cmap definition, so a definition of character sets to Unicode.
Could definitely be a false positive; send samples to https://www.clamav.net/reports/fp

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Dan Jaap via clamav-users
Sent: Friday, September 10, 2021 12:31 PM
To: clamav-users@lists.clamav.net
Cc: Dan Jaap <dj...@flclerks.com>
Subject: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0

Can someone explain what the classification "Pdf.Phishing.CWS4c384287-9890237-0" means? I assume it has something to do with a link found in a document. However, we've had several of these lately and I can't see anything wrong with the documents.

We're using clamav with OPSWAT Metadefender, integrated into a Web site. Each document that is uploaded is scanned by the platform and clamav is the only engine finding problems with the documents in question.

I have already submitted a sample document as a false positive, but have not heard back yet. I was hoping to get more info here as to what "Pdf.Phishing.CWS4c384287-9890237-0" means.

Here are some details for our clamav environment:

VERSION 0.102.4-810
DATABASE VERSION 1631145600
DEFINITION UPDATES Up to date (up to date )
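
The kind of decoding that the sigtool pipeline suggested in the reply performs, shown as an added example that is not part of the original thread and not ClamAV's own code. It assumes the ClamAV logical-signature (.ldb) layout `Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...`; the sample line is constructed for illustration and is not the body of Pdf.Phishing.CWS4c384287-9890237-0. Offset prefixes, PCRE and macro subsignatures are not handled.

```python
import re

# Tokens in a hex subsignature: byte wildcard, unbounded gap, bounded gap,
# literal hex byte. Anything else (alternation, nibble wildcards) passes through.
TOKEN = re.compile(r"\?\?|\*|\{[0-9-]+\}|[0-9a-fA-F]{2}|.")

def decode_subsig(body: str) -> str:
    """Render one hex subsignature as readable text."""
    hexsig, _, mods = body.partition("::")  # optional modifiers, e.g. ::i
    out = []
    for tok in TOKEN.findall(hexsig):
        if tok == "??":
            out.append("{any byte}")
        elif tok == "*":
            out.append("{any run}")
        elif tok.startswith("{"):
            out.append("{gap " + tok[1:-1] + "}")
        elif len(tok) == 2:
            ch = chr(int(tok, 16))
            printable = ch.isprintable() and ord(ch) < 127
            out.append(ch if printable else "\\x" + tok.lower())
        else:
            out.append(tok)
    return "".join(out) + (f" [modifiers: {mods}]" if mods else "")

def decode_ldb(line: str) -> dict:
    """Split a logical signature into its fields and decode each subsignature."""
    name, tdb, logic, *subsigs = line.strip().split(";")
    return {
        "name": name,
        # e.g. Engine:51-255,Target:10 (target type 10 is PDF)
        "target_block": dict(kv.split(":", 1) for kv in tdb.split(",")),
        "logic": logic,
        "subsigs": [decode_subsig(s) for s in subsigs],
    }

# Constructed sample: two subsignatures that match ordinary PDF CMap text.
SAMPLE = ("Constructed.Example.Sig-0;Engine:51-255,Target:10;0&1;"
          "2f546f556e69636f6465;"
          "626567696e636d6170{4-64}656e64636d6170")

if __name__ == "__main__":
    sig = decode_ldb(SAMPLE)
    print(sig["name"], sig["target_block"], "logic:", sig["logic"])
    for i, text in enumerate(sig["subsigs"]):
        print(f"  subsig {i}: {text}")
```

When the decoded subsignatures are strings that any legitimate document of that type also contains, as with the constructed CMap keywords here, the detection is a candidate false positive to report.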