[clamav-users] Encrypted Word doc/phishing attack

Heino Backhaus heino.backhaus at fink-computer.de
Wed Oct 19 09:57:45 EDT 2016


Hello,

I would like to make a feature request out of this. We've also received
mails with password-protected Office documents.

It would be a nice feature to filter them with an option like the
"OLE2BlockMacros yes" option. Let's call it OLE2BlockEncryption yes|no.

:)


Kind regards

H. Backhaus 

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

"In retrospect it becomes clear that hindsight is definitely overrated!"
  
  -Alfred E. Neumann

On 12.10.2016 at 16:03, Joel Esler (jesler) wrote:
> Alex,
>
> I’ll follow up off list to verify what email you submitted them under.
>
>
> Joel Esler
> jesler at cisco.com
>
>
>
> On Oct 12, 2016, at 8:21 AM, Alex <mysqlstudent at gmail.com> wrote:
>
> Hi Joel,
>
> On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) <jesler at cisco.com> wrote:
>
> On Oct 5, 2016, at 1:54 PM, Alex <mysqlstudent at gmail.com> wrote:
>
> Hi,
>
> Are you submitting these files to ClamAV?
>
> http://www.clamav.net/reports/malware
>
> Not always, primarily because the response time has been too long.
> I'll try to more attentively submit them.
>
> It shouldn’t be anymore.  This issue has largely been fixed through some awesome automation.
>
> I submitted a sample about a week ago, and another a few minutes ago,
> and never received any type of confirmation, or follow-up that the
> file was actually added to the database. Is this the expected
> behavior?
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


