Hi Doug, On Thu, Sep 4, 2014 at 11:54 AM, Douglas Goddard <[email protected]> wrote:
> Thank you for catching that. PUA is not supported for this signature type, > I will drop the signature and rename it to avoid the confusion of the > incorrect PUA label. You'll need to whitelist the new name when that > appears in a next day or so. > Ok, thanks for looking into it and responding quickly. The txt file example I used in my example was a Maildir message file with a double-extension filename MIME attachment (blah.JPG.zip) so it is not too much of a false positive. But, this signature type is picking up other stuff that is a false positive to us, such as a file named: chartfx70.desktop.jar - to me, that fits the definition of a "potentially unwanted" vs confirmed malware/virus, so we'll whitelist as you mentioned once we find the new signature name. Mark _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
