steveb_clamav at sanesecurity.com
Mon Feb 8 20:44:37 UTC 2016
On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the rtf 'engine' in office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
If you are using ClamAV you can block these easily with badmacro.ndb.
In addition phish.ndb will block xml types with rogue.hdb to fill
in the rest of the crappy stuff.
Web : sanesecurity.com
More information about the MailScanner