BrianG Posted September 18, 2012 Report Share Posted September 18, 2012 I use ClamAV to scan incoming email. I occasionally am emailed fill-in pdf forms. These emails get quarantined by ClamAV for embedded javascript. Is there a way to disable embedded javascript detection? Any advice on the best way to prevent blocking of these emails would be appreciated. Link to comment Share on other sites More sharing options...
nwarshawski@sourcefire.com Posted September 18, 2012 Report Share Posted September 18, 2012 Hi Brian, Currently, the best solution I can offer is to turn off Clam AV or Email Scanning through your Immunet Settings (Clam AV Detection Engine or Scan Settings, respectively). We'd like to fix any false positives we see, so it would be great if you emailed these .pdfs to support@immunet.com. We'll forward them to our Clam AV team and get this straightened out. Nick Link to comment Share on other sites More sharing options...
BrianG Posted September 18, 2012 Author Report Share Posted September 18, 2012 Hi Brian, Currently, the best solution I can offer is to turn off Clam AV or Email Scanning through your Immunet Settings (Clam AV Detection Engine or Scan Settings, respectively). We'd like to fix any false positives we see, so it would be great if you emailed these .pdfs to support@immunet.com. We'll forward them to our Clam AV team and get this straightened out. Nick Thanks Nick. This was probably the wrong place to post my issue because I'm using clamd in conjunction with a daemon to scan mail incoming through our mail server. Further research has turned up a way to disable PUA Script detecting using the clam.conf file but I hate to be that heavy handed. In an attempt to determine which attachment was causing the detection I saved the attached pdf files (4) then scanned each with clamscan. All scanned clean. Not sure where to turn next but at least I know to retrieve a message from quarantine when I see a PUA Script detection. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.