Re: [clamav-users] PUA.PDF.OpenActionObject FOUND
On 4/30/2011 3:57 PM, Gary Roach wrote:
> While I received an email saying that this problem was fixed, as of today (30 April) I still have the same problem. The list just keeps getting longer and longer. I am now getting over 60 hits. I am using the Debian Squeeze distribution and it is up to date. Any suggestions?

The PUA detections are by definition not a virus, but rather informative to alert the admin about Potentially Unwanted Applications that may need further investigation.

I would suggest either turning PUA detection back off or whitelisting the offending signature.

PUA detection is turned off by default. To turn it back off edit your clamd.conf and find the line
DetectPUA yes
and change it to no, then restart clamd.

Whitelisting is easy. In your clam DatabaseDirectory (as listed in clamd.conf) create a file named local.ign2 with the contents
PUA.PDF.OpenActionObject
and then restart clamd.

-- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [clamav-users] PUA.PDF.OpenActionObject FOUND
On Apr 30, 2011, at 6:19 PM, Noel Jones wrote:
> On 4/30/2011 3:57 PM, Gary Roach wrote:
> > While I received an email saying that this problem was fixed, as of today (30 April) I still have the same problem. The list just keeps getting longer and longer. I am now getting over 60 hits. I am using the Debian Squeeze distribution and it is up to date. Any suggestions?
>
> The PUA detections are by definition not a virus, but rather informative to alert the admin about Potentially Unwanted Applications that may need further investigation.
>
> I would suggest either turning PUA detection back off or whitelisting the offending signature.
>
> PUA detection is turned off by default. To turn it back off edit your clamd.conf and find the line
> DetectPUA yes
> and change it to no, then restart clamd.
>
> Whitelisting is easy. In your clam DatabaseDirectory (as listed in clamd.conf) create a file named local.ign2 with the contents
> PUA.PDF.OpenActionObject
> and then restart clamd.

I would add to that, please double check that they are, in fact, false positives. PUA, as Noel said, are Potentially Unwanted Applications. I've seen many, many PDF attacks caught with this method.

Joel
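
The double-check suggested above can be partly scripted before a signature goes into local.ign2. The following is an added example, not part of the original thread and not ClamAV code: it reads clamscan-style `<path>: <signature> FOUND` lines and reports what each flagged PDF's /OpenAction actually does. It assumes, from the signature's name only, that the hits relate to the PDF /OpenAction entry; the function names, labels and sample data are constructed for illustration.

```python
import re

SIG = "PUA.PDF.OpenActionObject"
# /S action types that run code or reach outside the document.
ACTIVE = {"JavaScript", "Launch", "URI", "SubmitForm", "ImportData", "GoToR", "GoToE"}
OPEN_RE = re.compile(rb"/OpenAction\s*(\[|<<|(\d+)\s+(\d+)\s+R)")
TYPE_RE = re.compile(rb"/S\s*/(\w+)")

def flagged_paths(log, sig=SIG):
    """Paths from clamscan-style lines of the form '<path>: <sig> FOUND'."""
    suffix = f": {sig} FOUND"
    lines = (ln.rstrip() for ln in log.splitlines())
    return [ln[: -len(suffix)] for ln in lines if ln.endswith(suffix)]

def _label(body):
    if body.lstrip().startswith(b"["):
        return "navigation"            # destination array: only sets the view
    m = TYPE_RE.search(body)
    kind = m.group(1).decode() if m else "unparsed"
    if kind == "GoTo":
        return "navigation"
    return ("active:" if kind in ACTIVE else "review:") + kind

def classify_open_action(pdf):
    """Heuristic byte scan; entries inside compressed object streams are not seen."""
    m = OPEN_RE.search(pdf)
    if not m:
        return "review:not-found"
    if m.group(1) == b"[":
        return "navigation"
    if m.group(1) == b"<<":            # inline action dictionary
        return _label(pdf[m.end():].partition(b">>")[0])
    ref = rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % (m.group(2), m.group(3))
    obj = re.search(ref, pdf, re.S)    # follow the indirect reference
    return _label(obj.group(1)) if obj else "review:unparsed"

# Constructed sample data (not real files or real scan output).
SAMPLES = {
    "view.pdf": b"1 0 obj << /Type /Catalog /OpenAction [3 0 R /Fit] >> endobj",
    "script.pdf": b"1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj "
                  b"4 0 obj << /S /JavaScript /JS (constructed) >> endobj",
}
LOG = f"view.pdf: {SIG} FOUND\nnotes.txt: OK\nscript.pdf: {SIG} FOUND\n"

def triage(log=LOG, files=SAMPLES):
    return {p: classify_open_action(files[p]) for p in flagged_paths(log)}

if __name__ == "__main__":
    print(triage())
```

Anything not labelled `navigation` deserves a manual look before the signature is whitelisted.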
Re: [clamav-users] PUA.PDF.OpenActionObject FOUND
On 04/26/2011 03:28 AM, Gary Roach wrote:
> As of yesterday, my action log is filled with files that have PUA.PDF.OpenActionObject FOUND appended to them. Some of these files have been around for literally years. I can not believe that these are infected. Does anyone know what is going on here?

See:
http://lurker.clamav.net/message/20110425.203100.70d7595e.en.html
http://lurker.clamav.net/message/20110425.204948.78ae1f88.en.html

Best regards,
--Edwin