diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md
index a565cf8b0..6493b38f8 100644
--- a/docs/u_e-rspamd.md
+++ b/docs/u_e-rspamd.md
@@ -70,3 +70,19 @@ Simply add the line:
 Save the file and then restart the rspamd container.
 
 See [Rspamd documentation](https://rspamd.com/doc/index.html)
+
+## Whitelist specific ClamAV signatures
+
+You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:
+
+`docker-compose logs clamd-mailcow | grep FOUND`
+
+This line confirms that such was identified:
+
+`clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND`
+
+To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:
+
+`echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2`
+
+Then restart the clamd-mailcow service.