Virus Parser

Steve Basford steveb_clamav at
Mon Feb 8 20:44:37 UTC 2016

On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the rtf 'engine' in office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
If you are using ClamAV you can block these easily with badmacro.ndb.

In addition phish.ndb will block xml types with rogue.hdb to fill
in the rest of the crappy stuff.


Web :
Twitter: @sanesecurity

More information about the MailScanner mailing list