dave-theunsub / clamtk

An easy to use, light-weight, on-demand virus scanner for Linux systems
https://gitlab.com/dave_m/clamtk/wikis/home

Encrypted *.pdfs are marked as threat #66

Closed mungo59 closed 7 years ago

mungo59 commented 7 years ago

Hi,

I am using clamav 0.99.2 with ClamTK 5.21-1 and clamtk-gnome 0.01-1 on Linux Mint

inxi CPU~Quad core Intel Core i5-3470 (-MCP-) speed/max~1602/3600 MHz Kernel~3.19.0-32-generic x86_64 Up~1:40 Mem~2084.5/7918.5MB HDD~750.2GB(15.8% used) Procs~195 Client~Shell inxi~2.2.28

Using encryption to protect personal data while exchanging e-mail, I save those files regularly as encrypted (with pdf tool kit and pdfchain 1:0.4.0-1). Now, they become marked as possible threats by clamav. As they are lots, some real threats might hide among them and may be out of my attention. As they are spread all over the directories, the exception of those does no good.

Is there any way to explicitly except those *.pdfs?

Best regards

dave-theunsub commented 7 years ago

Hi,

There are two possibilities that I can think of:

  1. Disable PUA in Settings. This will work if ClamTk is reporting them as something with "PUA" in the detection name.
  2. Put those PDFs in a directory, and then whitelist that directory.

I recommend the first option - PUAs can be false positives or, in general, not a big threat. And this way you wouldn't have to create another directory, which could be disruptive.

respectfully Dave M

mungo59 commented 7 years ago

Hi Dave,

> Disable PUA in Settings. This will work if ClamTk is reporting them as something with "PUA" in the detection name.

Nope. They are not shown as PUAs, just listed without comment. ClamTK does not specify the threat anyway.

> Put those PDFs in a directory, and then whitelist that directory.

This would break my filing system.

Is it possible to exclude *.pdfs with a special file name, like an underscore as last character?

dave-theunsub commented 7 years ago

Hi,

Right now we don't have whitelisting of files, just directories. We might be able to add it down the road though.

respectfully Dave M

dave-theunsub commented 7 years ago

Closing for now. Open another to discuss again.

Thanks, Dave M
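
A command-line workaround for the per-file exclusion asked about in this thread, as an added example that is not part of the original issue and not ClamTk code. It assumes the naming convention `*_.pdf` for the encrypted files and calls `clamscan` directly; the function names are hypothetical. A file is skipped only if it has the agreed name and also looks like an encrypted PDF, and every skipped file is listed so nothing goes unscanned silently.

```shell
#!/bin/sh
# Added example: scan a tree with clamscan, skipping only encrypted PDFs that
# follow an assumed naming convention (file name ends in "_.pdf").
# Limitation: file names containing newlines are not supported.

# is_skippable FILE: true only if the name matches the convention AND the
# content looks like an encrypted PDF. The content check is a heuristic; it
# stops an arbitrary file from escaping the scan just by being renamed.
is_skippable() {
    case "$1" in
        *_.pdf) ;;
        *) return 1 ;;
    esac
    # Must start with the PDF magic bytes ...
    head -c 5 "$1" | grep -a -q '^%PDF-' || return 1
    # ... and carry an /Encrypt entry (present in encrypted PDFs).
    grep -a -q '/Encrypt' "$1"
}

# build_scan_list DIR LIST SKIPPED: write files to scan into LIST and
# files left out into SKIPPED, one path per line.
build_scan_list() {
    : > "$2"
    : > "$3"
    find "$1" -type f | while IFS= read -r f; do
        if is_skippable "$f"; then
            printf '%s\n' "$f" >> "$3"
        else
            printf '%s\n' "$f" >> "$2"
        fi
    done
}

# scan_tree DIR: report what is skipped, then scan everything else.
scan_tree() {
    list=$(mktemp)
    skipped=$(mktemp)
    build_scan_list "$1" "$list" "$skipped"
    echo "Not scanned (encrypted PDFs by convention):"
    cat "$skipped"
    clamscan --infected --file-list="$list"
    rc=$?   # clamscan: 0 = clean, 1 = detection, 2 = error
    rm -f "$list" "$skipped"
    return "$rc"
}

if [ $# -gt 0 ]; then scan_tree "$1"; fi
```
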