What is PUA.Pdf.Trojan.EmbeddedJS-1 and PUA.Pdf.Trojan.EmbeddedJavaScript-1?
According to ClamAV, this is a "PUA" Potentially Unwanted Application detection and not really a false positive -- clam has correctly identified a .pdf file containing javascript.
The ClamAV team response in the past is they won't remove PUA signatures that are working as intended. Although PUA detection is optional however, is currently set to ON by us to protect our user from receiving potential harmful attachment.
The reason the PDF been blocked by ClamAV in our MX server was due to it containing javascript.
Currently, you have 2 options to solve this PDF issues:-
- Option 1: advise the sender to password protect the PDF file to avoid it to be scanned by the ClamAV.
- Option 2: bypass all the incoming email at our MX server and directly send to your mail server and let the local SpamAssassin scan your incoming email.
Option 2 required our assistance and please don't hesitate to contact our support for this purpose.
