Virus Parser

Moris Kod moriskod at yahoo.com
Wed Feb 24 03:10:37 UTC 2016


Do you have an email to submit infected ole files to be added to the
badmacro.ndb? I have one now that is several days old that is not flagged by clamd with badmacro.ndb. It is up to 26 of 55 on virustotal now.


From: Steve Basford <steveb_clamav at sanesecurity.com>
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Sent: Monday, February 8, 2016 2:44 PM
Subject: RE: Virus Parser
   

On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the rtf 'engine' in office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
>
If you are using ClamAV you can block these easily with badmacro.ndb.

In addition phish.ndb will block xml types with rogue.hdb to fill
in the rest of the crappy stuff.

http://sanesecurity.com/usage/linux-scripts/

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity



-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner



  