Embedded Javascript Detections In Fill-In Pdf Forms

[BrianG]

I use ClamAV to scan incoming email. I occasionally am emailed fill-in pdf forms. These emails get quarantined by ClamAV for embedded javascript. Is there a way to disable embedded javascript detection? Any advice on the best way to prevent blocking of these emails would be appreciated.

[nwarshawski@sourcefire.com]

Hi Brian,

 

Currently, the best solution I can offer is to turn off Clam AV or Email Scanning through your Immunet Settings (Clam AV Detection Engine or Scan Settings, respectively). We'd like to fix any false positives we see, so it would be great if you emailed these .pdfs to support@immunet.com. We'll forward them to our Clam AV team and get this straightened out.

 

Nick

[BrianG]

Hi Brian,

 

Currently, the best solution I can offer is to turn off Clam AV or Email Scanning through your Immunet Settings (Clam AV Detection Engine or Scan Settings, respectively). We'd like to fix any false positives we see, so it would be great if you emailed these .pdfs to support@immunet.com. We'll forward them to our Clam AV team and get this straightened out.

 

Nick

 

Thanks Nick. This was probably the wrong place to post my issue because I'm using clamd in conjunction with a daemon to scan mail incoming through our mail server. Further research has turned up a way to disable PUA Script detecting using the clam.conf file but I hate to be that heavy handed.

 

In an attempt to determine which attachment was causing the detection I saved the attached pdf files (4) then scanned each with clamscan. All scanned clean. Not sure where to turn next but at least I know to retrieve a message from quarantine when I see a PUA Script detection.