With the release of ClamAV 0.91.2 we introduce the option to scan for Potentially Unwanted Applications. The PUA database contains detection for applications that are not malicious by itself but can be used in a malicious or unwanted context.
As an example: A tool to retrieve passwords from a system can be useful as long as the person who uses it, is
authorized to do so. However, the same tool can be used to steal passwords from a system.

To make use of the PUA database you can use the ”—detect-pua” switch for clamscan or enable it in the config file for clamd.

At this point we DON’T recommend using it in production environments, because the detection may be too agressive and lead to false positives. In one of the next releases we will provide additional features for fine-tuning allowing better adjustments to different setups.