[sanesecurity] Re: PUA.Pdf.Trojan.EmbeddedJS-1 versus PUA.Pdf.Trojan.EmbeddedJavaScript-1

• From: Noel <noeldude@xxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Thu, 24 Mar 2016 12:56:03 -0500

On 3/24/2016 11:52 AM, Steve basford wrote:

On 24 March 2016 15:57:31 polloxx <polloxx@xxxxxxxxx> wrote:

Dear list,

What is the difference between PUA.Pdf.Trojan.EmbeddedJS-1 and
PUA.Pdf.Trojan.EmbeddedJavaScript-1?

We receive many false positives from it.

That's  an official signature so it'll need reporting to the
clamav team

.

https://www.clamav.net/reports/fp

This is a "PUA" Potentially Unwanted Application detection and not
really a false positive -- clam has correctly identified a .pdf file
containing javascript.

The clamav team response in the past is they won't remove PUA
signatures that are working as intended.  PUA detection is optional
and off by default. 

Your options are to either revert to "DetectPUA no" in your
clamd.conf, or you can add those names to your local.ign2 ignore file.

Since these are official signatures, any followups should go to the
clamav-users list.



  -- Noel Jones

• References:
  • [sanesecurity] PUA.Pdf.Trojan.EmbeddedJS-1 versus PUA.Pdf.Trojan.EmbeddedJavaScript-1
    • From: polloxx
  • [sanesecurity] Re: PUA.Pdf.Trojan.EmbeddedJS-1 versus PUA.Pdf.Trojan.EmbeddedJavaScript-1
    • From: Steve basford

Other related posts:

• » [sanesecurity] PUA.Pdf.Trojan.EmbeddedJS-1 versus PUA.Pdf.Trojan.EmbeddedJavaScript-1- polloxx
• » [sanesecurity] Re: PUA.Pdf.Trojan.EmbeddedJS-1 versus PUA.Pdf.Trojan.EmbeddedJavaScript-1- Steve basford
• » [sanesecurity] Re: PUA.Pdf.Trojan.EmbeddedJS-1 versus PUA.Pdf.Trojan.EmbeddedJavaScript-1 - Noel

1. Home
2. sanesecurity
3. Archive
4. 03-2016

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---