As of yesterday, my action log is filled with files that have
"PUA.PDF.OpenActionObject FOUND" appended to them. Some of these files
have been around for literally years. I can not beleve that these are
infected. Does anyone know what is going on here.
Any help will be appreciated.
Gary R.
__
On 04/25/2011 11:21 PM, Claudio Cuqui wrote:
> Same problem here. Almost all messages that include PDF attachments are
> triggering this false positive (we have more than 3 million accounts
> with thousands of line of clamd logs like this).
>
> Would be possible to remove this signature (or re
PUA.PDF.OpenActionObject has been dropped and has been replaced with
the signatures below:
PUA.Script.PDF.OpenActionObjectwithJavascript
PUA.Script.PDF.OpenActionObjectwithJS
Thanks,
-Alain
On Sun, Apr 24, 2011 at 5:03 AM, Johannes Schulz wrote:
> "sigtool -fPUA.PDF.OpenActionObject|sigtool --
PUA.PDF.EmbeddedJS and PUA.PDF.EmbeddedJavaScript has been dropped and
has been replaced with the signatures below:
PUA.Script.PDF.EmbeddedJavaScript
PUA.Script.PDF.EmbeddedJS
Thanks,
-Alain
On Sun, Apr 24, 2011 at 8:30 AM, Steven Chamberlain wrote:
> On -10/01/37 20:59, Johannes Schulz wrote
Same problem here. Almost all messages that include PDF attachments are
triggering this false positive (we have more than 3 million accounts
with thousands of line of clamd logs like this).
Would be possible to remove this signature (or replace it with one with
narrow regexp ?)
Regards,
Hello,
We've got reports of lots of false positives for PUA.PDF.OpenActionObject.
Printers, scanners and such that are scanning documents and sending them via
email are hitting this particular signature.
Martin Sager
University of Michigan
___
Help
