On 04/25/2011 11:21 PM, Claudio Cuqui wrote: > Same problem here. Almost all messages that include PDF attachments are > triggering this false positive (we have more than 3 million accounts > with thousands of line of clamd logs like this)..... > > Would be possible to remove this signature (or replace it with one with > narrow regexp ?)
Just a reminder that you can control which PUA signatures are turned on or off by using IncludePUA <category>, or ExcludePUA <category> in your clamd.conf (and equivalent --include-pua/--exclude-pua for clamscan). Default is PUA off, and once you explicitly enable PUA all categories default to on. You can also ignore any signature locally by just adding the signature names, one on each line, to a file local.ign2 in your DB directory. See signatures.pdf for more details. P.S. the signature got updated (see Alain's reply) Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
