Virus Parser
Moris Kod
moriskod at yahoo.com
Wed Feb 24 03:10:37 UTC 2016
Do you have an email to submit infected ole files to be added to the
badmacro.ndb? I have one now that is several days old that is not flagged by clamd with badmacro.ndb. It is up to 26 of 55 on virustotal now.
From: Steve Basford <steveb_clamav at sanesecurity.com>
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Sent: Monday, February 8, 2016 2:44 PM
Subject: RE: Virus Parser
On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the rtf 'engine' in office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
>
If you are using ClamAV you can block these easily with badmacro.ndb.
In addition phish.ndb will block xml types with rogue.hdb to fill
in the rest of the crappy stuff.
http://sanesecurity.com/usage/linux-scripts/
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner