ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Unable to detect PUAs
lordpake


Joined: 01 Mar 2009
Posts: 0
Despite using cmd line switch --detect-pua in Advanced Settings it seems ClamWin does not detect any PUAs.

I know that in previous versions for example my mIRC version triggered PUA detection. This was in version .93.

Are there some additional cmd line switches that I'd need to use in order to allow ClamWin to detect PUAs? Or has the PUA detection been somehow impaired in ClamAV since version .93?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You have the ability to exclude PUA categories from detection, but ClamWin still detects PUAs. Try scanning some known PUAs, as Clam may have tightened up some PUA signatures. They are in the process of adding many more PUA sigs - if Waledac, Zbot, Conficker, and others would only slow down their malware.

--detect-pua is what I use, and it works fine.

Regards,
lordpake


Joined: 01 Mar 2009
Posts: 0
Okay then, if I may ask, does anyone have any 'safe' suggestions for PUAs that I could try and see if it works? Installers or archives are fine :) Perhaps some legitimate process killer or such that might be tagged as PUA?


I have several versions of mIRC on my HDD, same goes for eMule mods, and I even have uTorrent. None of these seem to trigger PUA detection. Which is kinda odd, as many malware use components from mIRC and the latter are P2P clients :)
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You might try it on a remote administration tool, like Net Cat. A net tool, like a port scanner or sniffer, would probably work. Or try a flooder. Or a "bad" packer or something packed with one. Finally, a general purpose keylogger might also work.

A PUA signature is just a normal signature that is described as: PUA.TypeTool.ToolName. Most PUAs aren't very harmful--they are just tools. If they are really bad, they get a virus/trojan/etc. name. Lately, I've been getting a bunch of them from scripts placed in my C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files directory while surfing.

Regards,
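To confirm from a scan report that PUA detection is actually active, the detections can be split by the PUA.Type.ToolName naming convention described in the post above. The following is an added example, not part of the original thread or of ClamWin itself; it assumes the usual `path: SignatureName FOUND` report line, and the paths and signature names in the sample report are constructed.

```python
import re
from collections import Counter

# Report line shape assumed here: "<path>: <SignatureName> FOUND".
# Greedy path match so the drive-letter colon in "C:\..." is not mistaken
# for the separator (the separator is the last ": " before the signature).
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")

# Constructed sample report; signature names are illustrative only.
SAMPLE_REPORT = r"""
C:\Tools\nc.exe: PUA.NetTool.Netcat FOUND
C:\Tools\readme.txt: OK
C:\Temp\sample.bin: Trojan.Constructed.Sample FOUND
C:\Apps\scan.exe: PUA.NetTool.PortScanner FOUND
C:\Apps\pack.exe: PUA.Packed.ExamplePacker FOUND
Infected files: 4
"""

def parse_detections(report_text):
    """Return (path, signature, is_pua, category) for every FOUND line."""
    hits = []
    for line in report_text.splitlines():
        m = FOUND_RE.match(line)
        if not m:
            continue  # OK lines, summary lines, blanks
        sig = m.group("sig")
        parts = sig.split(".")
        # A PUA signature is "PUA.<Type>.<ToolName>"; anything else is a
        # regular virus/trojan detection.
        is_pua = len(parts) >= 3 and parts[0] == "PUA"
        hits.append((m.group("path"), sig, is_pua, parts[1] if is_pua else None))
    return hits

def pua_summary(report_text):
    """Count PUA hits per category and non-PUA hits separately."""
    hits = parse_detections(report_text)
    by_category = Counter(cat for _, _, is_pua, cat in hits if is_pua)
    pua_total = sum(by_category.values())
    return {
        "pua_total": pua_total,
        "other_total": len(hits) - pua_total,
        "by_category": dict(by_category),
    }

if __name__ == "__main__":
    print(pua_summary(SAMPLE_REPORT))
```

A `pua_total` of zero on a scan that included a known PUA test file suggests the `--detect-pua` switch is not reaching the scanner or the relevant category is excluded.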
lordpake


Joined: 01 Mar 2009
Posts: 0
netcat did the trick. At least now I know PUA detections work :)