Alex
2016-06-29 13:53:23 UTC
Hi,
It appears lately there are quite a few PUA.Win.Trojan.EmbeddedPDF-1
false positives. Scanning these messages manually shortly after
they're quarantined doesn't find the same virus sig. In fact, many
times it doesn't specifically include a PDF, but instead a docx file.
I was just wondering if there's something I should know about this
particular signature?
Should I be able to scan a quarantined message in its entirety to
determine if it has a virus? Or do I need to split out the individual
doc/pdf components before scanning? I've done both, but was just
curious if it was necessary to save the individual attachments before
scanning.
I can't easily send a sample, but I'd appreciate any help you may have to offer.
Thanks,
Alex
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml