Gene,

Note that the ClamAV folks do not accept the premise of a PUA being an FP.

If you go to the FP submission page you will read:
"Please do not report false positives for PUA.* signatures because they are automatically rejected"

Before they adopted this policy I was able to slip a bug report in (June 2010) concerning the over 1300 PUA.HTML.Infected.WebPage-2 FP's I got, but it is still open. I ended up white-listing it.

-Al-
-- 
Al Varnell
Mountain View, CA

On 10/16/12 11:37 PM, "Gene Heskett" wrote:

> I have clam doing a scan of my home dir in the wee hours every morning,
> and I noted that it was burning up first one core, then the next in my
> phenom just now.
>
> So I tailed the log just for S&G:
>
> /home/gene/.wine/drive_c/Program Files/Google/Google SketchUp 8/BsSndRpt.exe:
> PUA.Win32.Packer.SetupExeSection FOUND
> /home/gene/.kde/tmp-coyote/kmailn16717.tmp: PUA.Win32.Packer.Upx-28 FOUND
> /home/gene/src/pcbgcode/viewer/application.windows/viewer.exe:
> PUA.Win32.Packer.MingwGcc-2 FOUND
> /home/gene/src/HeeksCNC/unins000.exe: PUA.Win32.Packer.Vip FOUND
> /home/gene/eagle/ulp/opti.exe: PUA.Win32.Packer.Upx-53 FOUND
> /home/gene/eagle/ulp/viewer/application.windows/viewer.exe:
> PUA.Win32.Packer.MingwGcc-2 FOUND
> /home/gene/Downloads/DriveWire4_4.1.0.zip: PUA.Win32.Packer.MingwGcc-2 FOUND
> /home/gene/Downloads/Download/MWPNT10N.86A.0113.BI.ZIP:
> PUA.Win32.Packer.Exepack FOUND
> /home/gene/Downloads/Download/pcb/viewer/application.windows/viewer.exe:
> PUA.Win32.Packer.MingwGcc-2 FOUND
> /home/gene/Downloads/Download/KindleForPC-installer.exe:
> PUA.Win32.Packer.Psadobefont FOUND
> /home/gene/Downloads/Download/viewer/application.windows/viewer.exe:
> PUA.Win32.Packer.MingwGcc-2 FOUND
> /home/gene/Downloads/Download/MWPNT10N.86A.0122.BI.ZIP:
> PUA.Win32.Packer.Exepack FOUND
> /home/gene/Downloads/Download/opti_8_1_08_2209.zip: PUA.Win32.Packer.Upx-53
> FOUND
> /home/gene/Downloads/Download/pcb-gcode-3.5.2.11.zip:
> PUA.Win32.Packer.MingwGcc-2 FOUND
> /home/gene/Downloads/Download/d525mwbios/IFLASH2.EXE: PUA.Win32.Packer.Exepack
> FOUND
>
> Several of those are either eagle, heekscad or various PC bios update packs,
> including the bios that is in this machine. I'd almost bet a bottle of
> your fav brew these are false positives.
>
> What say you?
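An added example, not part of either message or of ClamAV itself: a small triage script for a scan log like the one quoted above, which rejoins detections that wrapped across lines and separates PUA.* hits from all other signatures. The function names are hypothetical, absolute paths are assumed as in the quoted log, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# "<path>: <signature> FOUND"; the greedy path group tolerates spaces and colons in paths.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_detections(log_text):
    """Return (path, signature) pairs, rejoining records wrapped over several lines."""
    records, pending = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):      # assumption: every record starts with an absolute path
            pending = [line]          # drops any unfinished non-detection record (e.g. "OK")
        elif pending:
            pending.append(line)      # continuation of a wrapped record
        else:
            continue                  # summary or other unrelated output
        if line.endswith("FOUND"):
            match = FOUND_RE.match(" ".join(pending))
            if match:
                records.append((match.group("path"), match.group("sig")))
            pending = []
    return records

def triage(records):
    """Count PUA.* hits per signature and list every non-PUA detection separately."""
    pua = Counter(sig for _, sig in records if sig.startswith("PUA."))
    other = [(path, sig) for path, sig in records if not sig.startswith("PUA.")]
    return pua, other

# First six records are taken from the quoted log; the last two lines are constructed.
SAMPLE_LOG = """\
/home/gene/.wine/drive_c/Program Files/Google/Google SketchUp 8/BsSndRpt.exe:
PUA.Win32.Packer.SetupExeSection FOUND
/home/gene/.kde/tmp-coyote/kmailn16717.tmp: PUA.Win32.Packer.Upx-28 FOUND
/home/gene/eagle/ulp/opti.exe: PUA.Win32.Packer.Upx-53 FOUND
/home/gene/Downloads/Download/opti_8_1_08_2209.zip: PUA.Win32.Packer.Upx-53
FOUND
/home/gene/Downloads/DriveWire4_4.1.0.zip: PUA.Win32.Packer.MingwGcc-2 FOUND
/home/gene/example/eicar.com: Eicar-Test-Signature FOUND
/home/gene/notes.txt: OK
"""

if __name__ == "__main__":
    pua_counts, other_hits = triage(parse_detections(SAMPLE_LOG))
    for sig, count in pua_counts.most_common():
        print(f"{count:3d}  {sig}")
    for path, sig in other_hits:
        print(f"NON-PUA  {sig}  {path}")
```
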
