[Clamav-devel] clamav-0.101.0-beta AlertEncryptedDoc true

Micah Snyder (micasnyd) micasnyd at cisco.com
Thu Nov 1 15:24:27 EDT 2018


At present, only encrypted PDF's will alert using AlertEncryptedDoc.  In the future, I would like to detect encryption in other document formats.

I realize it seems a little silly that the feature only works for PDFs at this time, so here is a little context.  In 0.100, the only option was ArchiveBlockEncrypted.  ArchiveBlockEncrypted, despite what the name implies, will alert on both encrypted archives and encrypted PDFs.  Separating the options was done at the request of users who have been using ArchiveBlockEncrypted in a mail filtering application and were frustrated that their encrypted payroll documents were getting blocked, but did not want to allow potentially malicious encrypted archives.  For 0.101, we separated ArchiveBlockEncrypted into AlertEncryptedDoc and AlertEncryptedArchive, retaining the more generic AlertEncrypted option for users who would want to continue using a single option.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 1, 2018, at 2:43 PM, Paul <paul at netpresto.co.uk<mailto:paul at netpresto.co.uk>> wrote:

HI

Should I be seeing encrypted (password protected) MS Office docx files detected with "AlertEncryptedDoc true"

Regards Paul


_______________________________________________
clamav-devel mailing list
clamav-devel at lists.clamav.net<mailto:clamav-devel at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Please submit your patches to our Bugzilla: http://bugzilla.clamav.net

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



More information about the clamav-devel mailing list