Steve Basford steveb_clamav at
Wed Mar 18 08:23:18 GMT 2015

On Wed, March 18, 2015 2:38 am, Peter Nitschke wrote:
> How does anyone deal with all the new cryptolock stuff?
> Macros in docx files etc.

If you are using ClamAV, install Sanesecurity sigs.

phish.ndb database contains cryptolock etc. macro blocks
rogue.hdb database contains current hourly zip/rar/7zip macro blocks

foxhole_generic.cdb database blocks some double extensions
foxhole_all.cdb databse blocks pretty much all dangerous items in archives.

More details on


Web :

More information about the MailScanner mailing list