PUA's tend to have a lot of false positives due to them being Potential. I wouldn't recommend using them unless you really need a strict scan with the ability to whitelist when needed.
Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > -----Original Message----- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Alex > Sent: Friday, November 17, 2017 12:44 PM > To: ClamAV users ML > Subject: [clamav-users] PUA.Win.Trojan.EmbeddedPDF-1 false-positives > > Hi, > > We're seeing a large number of false-positives with the above rule. Is > it particularly prone to false-positives? Would someone explain how it > works? > > What's perhaps even more strange is that scanning the email again (or > the files within the email) don't produce the same false-positives. > > Was there a period where this pattern had a problem and has now been > corrected? > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
