Hi G.W. Haywood, Matthew,
Thank you for your replies.
I understand the category definition and the risk of
excluding it.
Best regards,
Toshiyuki Honda
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinf
Toshiyuk,
Thank you for your interest and use of Clam AV.
The official Clam AV signature naming convention is
(PUA.)Platform.Category.Name-ID-Revision
Thus, "Packed" is a documented category and listed on the website you
linked.
Doc.Packed means the rule is intended to alert on Document files
G.W. Haywood via clamav-users wrote:
One of the reasons that malicious senders send so many malicious
password protected documents by email is that it is not always easy
to detect malware in them without knowledge of the password, so by
and large scanners like ClamAV don't attempt to do it (even
Hi there,
On Thu, 14 Jan 2021, 本多 俊之 wrote:
Password-protected excels are commonly used in our customers.
I want to avoid them being identified as viruses.
If there is a category that is more suitable for password Excel than
Doc.Packed, I want to exclude it.
One of the reasons that malicious
Hi G.W. Haywood,
Thank you for your reply.
> > I added the following line to clamd.conf to avoid the error, but it didn't
> > work.
> > "ExcludePUA Packed"
> >
> So I changed the category to "Doc.Packed" and the error no longer occurs.
> "ExcludePUA Doc.Packed"
>
> Are you sure that you want to
Hi there,
On Thu, 14 Jan 2021, 本多 俊之 wrote:
I got an error due to clamav scanning when sending an Excel document where a
password is set.
The error was as follows:
"wWDZCZvPwM-1.dat: PUA.Doc.Packed.EncryptedDoc-6563700-0 FOUND"
That is not an error. That is ClamAV correctly doing what it is
