1 (edited by kmihalj 2015-12-14 19:25:55)

Topic: ClamAV Potentially Unwanted Applications (PUA)

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: CentOS 7.x
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Some
- Related log if you're reporting an issue:
====

Is there a possibility to enable ClamAV to detect PUA https://github.com/vrtadmin/clamav-faq/ … faq-pua.md ?
... on a default iRedMail installation on CentOS there is no clamd.conf file, so I can't find where I can enable this feature of ClamAV for incoming mails.

Why?

... I had a crypto virus passed to users' mailboxes ... a packed .js file in a zip archive ... I disabled .js files anywhere in amavis, but such scripts can also be sent in HTML attachments, and detect PUA can actually detect such threats, so I would like to enable that feature and send such mails to quarantine. That way no mail will be lost, and users can find legit mails in their own quarantine.


2

Re: ClamAV Potentially Unwanted Applications (PUA)

ClamAV has /etc/clamd.conf, and you can define/control PUA in this file.
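
Added example, not part of the original reply: a shell check that reads a clamd.conf and reports whether the `DetectPUA` directive is switched on and which `IncludePUA` / `ExcludePUA` categories are set. The function names `pua_status` and `sample_conf` and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ClamAV PUA settings found in a clamd.conf file.

# pua_status FILE
#   Prints "DetectPUA=yes|no", then one line per IncludePUA/ExcludePUA entry.
#   Exit status is 0 when PUA detection is enabled, 1 otherwise.
pua_status() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and commented lines
        $1 == "DetectPUA" {
            v = tolower($2)                     # lenient on case (assumption)
            detect = (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
        }
        $1 == "IncludePUA" { inc = inc "include " $2 "\n" }
        $1 == "ExcludePUA" { exc = exc "exclude " $2 "\n" }
        END {
            if (detect == "") detect = "no"     # DetectPUA is off when not set
            print "DetectPUA=" detect
            printf "%s%s", inc, exc
            exit(detect == "yes" ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample config: PUA detection on, two categories excluded.
sample_conf() {
cat <<'EOF'
# constructed sample clamd.conf fragment
LogSyslog yes
#DetectPUA no
DetectPUA yes
ExcludePUA NetTool
ExcludePUA PWTool
EOF
}

# Demo run against the constructed sample.
demo_file=$(mktemp)
sample_conf > "$demo_file"
pua_status "$demo_file"
rm -f "$demo_file"
```

Run it as `pua_status /etc/clamd.conf` on the mail server; after changing the file, clamd has to be restarted before the setting applies to incoming mail.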

3

Re: ClamAV Potentially Unwanted Applications (PUA)

Use this: https://github.com/extremeshok/clamav-unofficial-sigs