We're working on some signatures for our users who run ClamAV on their mail servers. We'll be tweaking them over the next few weeks to minimize false positives, but with loose signatures like this, it is difficult to eliminate them completely.
If you're not concerned about double extension files in zips, or suspicious file names (eg. INVOICE_01.exe) then it would be best that you white list any signatures that cause you problems. In the meantime, we appreciate the feedback as these signatures will need some modification. Thank you, Douglas On Wed, Sep 3, 2014 at 8:02 AM, Steve Basford < [email protected]> wrote: > > On Wed, September 3, 2014 12:54 pm, Gene Heskett wrote: > >> > >> ”—detect-pua” switch for clamscan or disable it in the clamd.conf file. > >> > > > > Which one?, I have 3 of them. This is an old ubuntu 10.04 LTS install. > > Also its reported as version 98.1. > > If you are using clamscan then I guess you've got a script somewhere, > calling clamscan, you need to add: --detect-pua=no > > If it's clamdscan you are using then edit the clamd.conf file... and > restart clamd... > > # Detect Possibly Unwanted Applications. > # Default: no > DetectPUA No > > Cheers, > > Steve > Sanesecurity.com > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
