I am using clamdscan --multiscan to scan our infrastructure with the DetectPUA flag enabled.
Recently, we've encountered several false positives for Potentially Unwanted Applications (PUAs) in the Win category.
To address this, I added ExcludePUA Win to clamd.conf.
However, it appears that this option is being ignored, as the scan continues to flag certain files as PUAs.
Wed Jul 3 09:47:10 2024 -> /var/log/appx/684220/audit_logs_2024-06-06.log.gz: PUA.Win.Exploit.CVE_2012_1461-1 FOUND
Also, when I try to run clamscan like below, the scanner is ignoring exclusions unless there is only one category set.
I also tried:
It works fine if only one PUA category is set:
Configuration
Runtime environment
Clamd options