Clamd does not detect all Makros.
Heino Backhaus
heino.backhaus at fink-computer.de
Wed Oct 19 13:48:40 UTC 2016
just sent...
Mit freundlichen Gruessen
H. Backhaus
Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink
"In retrospect it becomes clear that hindsight is definitely overrated!"
-Alfred E. Neumann
Am 19.10.2016 um 15:42 schrieb Steve Basford:
> On Wed, October 19, 2016 2:24 pm, Heino Backhaus wrote:
>> Hello List,
>>
>>
>> we've seen some mails containing malicius macros not detected by clamav
>> with "OLE2BlockMacros yes".
>>
>> https://virustotal.com/de/file/76b8348170c8f44a1030765118ad71b5b93374aad9
>> 3e24e0b106ccbcf7c89547/analysis/
>>
> Just as a note, this detected by ClamAV already as a hash:
>
> Doc.Dropper.Agent-1776597
> 66f869afeb0bc8fcc91307a3155c3118:207360
>
> Could you throw a copy to samples AT sanesecurity.org.uk and I'll
> take a quick peek.
>
More information about the MailScanner
mailing list