On Mar 25, 2008, at 1:57 AM, Arnaud Jacques wrote: > > > Just a not about DetectPUA setting : > > The PUAs are being detected based on pattern. You can find patterns > by doing : > grep PUA daily.ndu > grep PUA daily.mdu > > This is not a work in progress. It is not "may or may not work". > This is very > reliable detection of possible unwanted software based on the same > technologies of malware detection. It can be used in production > environment. > > Here a short list of PUAs : > EXE packers > Remote admin tools/VNC > Hacking tools > Network tools > Keyloggers/Monitoring > Password recovery tools > etc... >
Thank you for the clarification - I'll re-enable it and review the results again. My error was in thinking this had a heuristic component of detection in it and now I don't recall how I arrived at that conclusion. I do know it created a lot of false positives for me but I work in an environment where those file types are intentionally exchanged. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
