[Clamav-devel] clamav-0.101.0-beta AlertEncryptedDoc true
Micah Snyder (micasnyd)
micasnyd at cisco.com
Thu Nov 1 15:24:27 EDT 2018
At present, only encrypted PDF's will alert using AlertEncryptedDoc. In the future, I would like to detect encryption in other document formats.
I realize it seems a little silly that the feature only works for PDFs at this time, so here is a little context. In 0.100, the only option was ArchiveBlockEncrypted. ArchiveBlockEncrypted, despite what the name implies, will alert on both encrypted archives and encrypted PDFs. Separating the options was done at the request of users who have been using ArchiveBlockEncrypted in a mail filtering application and were frustrated that their encrypted payroll documents were getting blocked, but did not want to allow potentially malicious encrypted archives. For 0.101, we separated ArchiveBlockEncrypted into AlertEncryptedDoc and AlertEncryptedArchive, retaining the more generic AlertEncrypted option for users who would want to continue using a single option.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Nov 1, 2018, at 2:43 PM, Paul <paul at netpresto.co.uk<mailto:paul at netpresto.co.uk>> wrote:
HI
Should I be seeing encrypted (password protected) MS Office docx files detected with "AlertEncryptedDoc true"
Regards Paul
_______________________________________________
clamav-devel mailing list
clamav-devel at lists.clamav.net<mailto:clamav-devel at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Please submit your patches to our Bugzilla: http://bugzilla.clamav.net
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-devel
mailing list