ClamWin Free Antivirus
Support and Discussion Forums
Discontinue The Optional PUA Detection!
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
There are some PUA.Packer detections that trigger on many, many, many files in the programs folder. This detection includes some ClamWin and Clam Sentinel executable files. If PUA detection is enabled, and you scan the programs folder, you will not be able to restore files from either the ClamWin or Clam Sentinel quarantine restore utility programs, and ClamWin and Clam Sentinel may also be rendered inoperable. Detection may also kill other AV programs you may be using.

I therefore recommend that all users of ClamWin and Clam Sentinel turn off PUA detection and leave it off forever! In addition to the current problem mentioned above, there are many PUA.script detections on files from "good" web sites that are put in the temporary internet files folder. Many "good" web sites now use lots of scripts, including JavaScript, and many "good" programs are now packed with the same packers used by malware authors.

Do yourself a favor, and disable/turn off PUA detection in ClamWin and Clam Sentinel. Let them be concerned only with actual viruses--not Potentially Unwanted Applications.

Regards,
danq


Joined: 02 Jan 2011
Posts: 0
Agreed, the recent Packer detections are ridiculous.

I know you keep recommending you leave PUA off, but someone like me wants to know if there's a JavaScript hidden somewhere, and I've seen ASPack in a number of programs and gag games I recommend the average user not have on their computer.

If you want to ignore the new Packer stuff (not the Packed stuff which has always been reported), this seems to work for me:

Quote:
--detect-pua=yes --exclude-pua=Win32.Packer
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Yes, that will work fine to exclude the recent crowd of Clam PUA packer signatures. It does not look like Clam will do anything about them for the moment. I think, however, when they see the extent of the damage, they will do something. I did a test scan of my program folder with quarantine enabled, and it wiped out quite a few executables, including ClamWin and Clam Sentinel. I was unable to restore anything because the restore executables were also quarantined. Additionally, it killed my Panda Free Cloud scanner. It took a good 30/40 minutes to fix things. Most of the Clam people seem to be Linux devotees, so there is no personal stake there!

With the PUA scripts enabled, you will detect lots of "good" files placed in the temporary internet folder while browsing. Many "good" web sites use scripts now, including JavaScript. I see lots of malware on web sites using PHP scripts, and that is hard to detect and to get a signature for. The problem is that malware does many of the same things that "good" programs do. I am also afraid that by the time Clam gets a signature for something, the malware has pretty well run its course, and there is a new version(s) out by then. The trend in malware is to use localized versions that are changed often. Malware web sites are also changed often in an effort to evade blacklisting. It's getting tough!

Regards,
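The failure described in this thread, a quarantine scan that removes the scanner's own executables, can be checked for in advance by running a report-only scan (no quarantine) and triaging its output. The following is an added example, not part of the thread and not ClamWin or ClamAV code: the report lines, the PROTECTED directory list and the prefix handling of excluded categories are constructed assumptions, not ClamAV's own matching logic.

```python
import re
from collections import Counter

# Constructed sample of clamscan report lines ("<path>: <signature> FOUND").
SAMPLE_REPORT = r"""
C:\Program Files\ClamWin\bin\ClamWin.exe: PUA.Win32.Packer.Example-1 FOUND
C:\Program Files\ClamSentinel\ClamSentinel.exe: PUA.Win32.Packer.Example-2 FOUND
C:\Program Files\Games\gag.exe: PUA.Packed.ASPack FOUND
C:\Users\me\Temporary Internet Files\menu.js: PUA.Script.Example-3 FOUND
C:\Users\me\Downloads\invoice.exe: Win.Trojan.Example-4 FOUND
C:\Program Files\ClamWin\bin\clamscan.exe: OK
"""

# Hypothetical directories whose files must not be quarantined blindly.
PROTECTED = ("c:\\program files\\clamwin\\", "c:\\program files\\clamsentinel\\")

HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def pua_category(sig):
    """Return the name components between 'PUA.' and the last one, else None."""
    parts = sig.split(".")
    if parts[0] != "PUA" or len(parts) < 3:
        return None
    return ".".join(parts[1:-1])


def triage(report, excluded=()):
    """Count hits per PUA category and list hits inside protected directories.

    `excluded` models categories passed to --exclude-pua (assumed prefix match).
    """
    counts, at_risk = Counter(), []
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue  # "OK" lines, blank lines, summary text
        cat = pua_category(m["sig"])
        if cat and any(cat == e or cat.startswith(e + ".") for e in excluded):
            continue
        counts[cat or "non-PUA"] += 1
        if m["path"].lower().startswith(PROTECTED):
            at_risk.append(m["path"])
    return counts, at_risk


if __name__ == "__main__":
    for label, excl in (("all PUA", ()), ("minus Win32.Packer", ("Win32.Packer",))):
        counts, at_risk = triage(SAMPLE_REPORT, excl)
        print(label, dict(counts), "protected files hit:", at_risk)
```

Any path listed under "protected files hit" is a reason not to enable quarantine with that set of options.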