You are right! I disabled the ign2 file containing a couple of bytecode signatures generating false positives (to see if they were fixed), but I didn't notice that I also had these two 'trojan' signatures in the same file.
I've re-enabled the PUA.*Trojan* signatures in the ign2 file and my notices have stopped. The bytecode signatures appear to be fixed as they are no longer in the ign2 file, but are generating no notices.

BC.Pdf.Exploit.CVE_2017_2862-6331914-0
BC.Pdf.Exploit.CVE_2017_3032-6316401-6

THX -- Mark

On Wed, 25 Oct 2017 15:17:57 -0700 Al Varnell <alvarn...@mac.com> wrote:
>
> We discussed these same two last December: Usage questions on local.ign2
> <http://lists.clamav.net/pipermail/clamav-users/2016-December/003938.html>
>
> -Al-
>
> On Wed, Oct 25, 2017 at 08:33 AM, Mark Foley wrote:
> > Today I got clamscan notices for PUA.Pdf.Trojan.EmbeddedJavaScript-1 and
> > PUA.Win.Trojan.EmbeddedPDF-1 on over 100 old email files that have been out
> > there for years.
> >
> > Are these false positives?
> >
> > --Mark