In the past day we have had clamscan on several servers detect infected files due to: PUA.Windows.DoubleExtension-zippwd-3
I've read the clamscan manpage but have not had any luck with getting the "--detect-pua" option to work. Example: # clamscan --detect-pua=no ./sample-msg1.txt ./sample-msg1.txt: PUA.Windows.DoubleExtension-zippwd-3 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 3515268 Engine version: 0.98 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.05 MB (ratio 0.00:1) Time: 9.402 sec (0 m 9 s) In this case, is the infected file being detected by a PUA that I should be able to disable with command line option? Or is "PUA" simply part of the virus signature name? Thanks, Mark _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
