Ubuntu – How to evaluate clamscan results

clamav

I'm running

clamscan -r --infected --heuristic-scan-precedence=yes --detect-pua=yes --detect-structured=no

and am getting some results like PUA.Html.Trojan.Agent-37075 FOUND. Now, I don't find any instructions

how to evaluate this result, i.e. which workflow has to be processed. Is every result to be removed immediately? Where are documentations of the results? Are there different documentations for different result types?

I'm using clamav 0.99+dfsg-1ubuntu1 on Ubuntu 16.04.

Best Answer

    • "PUA" means "Potential Unwanted Application"
    • "Html" means a webpage

    And it ends there. You should have far more notices otherwise this is a false positive. This (dutch) shows:

    PUA.Win.Tool.Packed-177         
    PUA.Html.Trojan.Agent-37075     
    PUA.Win.Trojan.Xored-1
    

    ... pointing to Windows. What else do you see with that line containing 37075?

    Example of a clear malware problem in the browser ...

    PUA.Phishing.Bank Found

    That shows a site that is considered a phishing.

    I would ditch clamav for linux though. 99% are false positives. You are better off using firefox with noscript, ad aware and flashblock.