Dear Arnaud, Unfortunately, while will specifying "Win.Packer" or even "PUA.Win.Packer" will APPEAR to work, the program logic in ExcludePUA is completely faulty (almost arbitrary).
Yes, it WILL exclude those two - but the problem is, it will exclude GENERICALLY EVERYTHING ELSE (e.g., ALL "Win" or ALL "PUA") - in which case you might as well turn off the entire PUA feature! I finally remembered that I had been down this exact rabbit hole years ago - and found this bug report: https://bugzilla.clamav.net/show_bug.cgi?id=12632#c5 It seems the entire PUA feature is a step-child - by now, not even the config sample and documentation are current. Maybe its time to pull the plug on it, if no one is taking ownership to making it work? (Yes, I realize the answer is to just "contribute" the fixes myself - but that assumes that every ClamAV user is also a C++ programmer, which I am not.) Best Regards, Andy -----Original Message----- From: Arnaud Jacques <webmas...@securiteinfo.com> Sent: Friday, November 18, 2022 11:33 AM To: ClamAV users ML <clamav-users@lists.clamav.net> Subject: Re: [clamav-users] PUA - Category List, invalid URL in config sample! Packer Category? Hello Andy, > My config file already excludes: > > ExcludePUA Packed > > ExcludePUA Downloader > > And adding “Packer” (and restarting ClamD) will NOT exclude the above > “Packer” !? Should work : ExcludePUA PUA.Win.Packer.BorlandCpp-8 ExcludePUA PUA.Win.Packer.BorlandDelphi-12 -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.60.47.09.81 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Writing signatures for ClamAV antivirus since 2006 _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
