Virus Parser

Steve Basford steveb_clamav at sanesecurity.com
Mon Feb 8 20:44:37 UTC 2016


On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the RTF 'engine' in Office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
>
If you are using ClamAV you can block these easily with badmacro.ndb.

In addition, phish.ndb will block XML types, with rogue.hdb to fill
in the rest of the crappy stuff.

http://sanesecurity.com/usage/linux-scripts/

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity



More information about the MailScanner mailing list