[clamav-users] Encrypted Word doc/phishing attack

Joel Esler (jesler) jesler at cisco.com
Wed Oct 19 10:06:21 EDT 2016


Seems logical. bugzilla.clamav.net would be a good place to submit the feature request.

--
Joel Esler | Talos: Manager | jesler at cisco.com





On Oct 19, 2016, at 9:57 AM, Heino Backhaus <heino.backhaus at fink-computer.de> wrote:

Hello,

I would like to make a feature request out of this. We've also received
mails with password protected office documents.

It would be a nice feature to filter them with an option like the
"OLE2BlockMacros yes" option. Let's call it OLE2BlockEncryption yes|no.

:)


Kind regards

H. Backhaus

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

"In retrospect it becomes clear that hindsight is definitely overrated!"

 -Alfred E. Neumann

On 12.10.2016 at 16:03, Joel Esler (jesler) wrote:
Alex,

I’ll follow up off list to verify what email you submitted them under.


Joel Esler
jesler at cisco.com



On Oct 12, 2016, at 8:21 AM, Alex <mysqlstudent at gmail.com> wrote:

Hi Joel,

On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) <jesler at cisco.com> wrote:

On Oct 5, 2016, at 1:54 PM, Alex <mysqlstudent at gmail.com> wrote:

Hi,

Are you submitting these files to ClamAV?

http://www.clamav.net/reports/malware

Not always, primarily because the response time has been too long.
I'll try to more attentively submit them.

It shouldn’t be anymore.  This issue has largely been fixed through some awesome automation.

I submitted a sample about a week ago, and another a few minutes ago,
and never received any type of confirmation, or follow-up that the
file was actually added to the database. Is this the expected
behavior?
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
