Virus Parser

Moris Kod moriskod at
Wed Feb 24 03:10:37 UTC 2016

Do you have an email to submit infected ole files to be added to the 
badmacro.ndb?    I have one now that is several days old that is notflagged by clamd with badmacro.ndb.     It is up to 26 of 55 on virustotal now.

      From: Steve Basford <steveb_clamav at>
 To: MailScanner Discussion <mailscanner at> 
 Sent: Monday, February 8, 2016 2:44 PM
 Subject: RE: Virus Parser

On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the rtf 'engine' in office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
If you are using ClamAV you can block these easily with badmacro.ndb.

In addition phish.ndb will block xml types with rogue.hdb to fill
in the rest of the crappy stuff.


Web :
Twitter: @sanesecurity

MailScanner mailing list
mailscanner at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list