Hi,

It appears lately there are quite a few PUA.Win.Trojan.EmbeddedPDF-1
false positives. Scanning these messages manually shortly after
they're quarantined doesn't find the same virus sig. In fact, many
times it doesn't specifically include a PDF, but instead a docx file.

I was just wondering if there's something I should know about this
particular signature?

Should I be able to scan a quarantined message in its entirety to
determine if it has a virus? Or do I need to split out the individual
doc/pdf components before scanning? I've done both, but was just
curious if it was necessary to save the individual attachments before
scanning.

I can't easily send a sample, but I'd appreciate any help you may have to offer.

Thanks,
Alex