[clamav-users] Sigtool parsing issues

Steve Basford steveb_clamav at sanesecurity.com
Mon Aug 15 11:39:46 EDT 2016


On Mon, August 15, 2016 4:25 pm, Jack wrote:
> Great, thanks. Here is the output with ‘--debug’:
>
>
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
>
>
> To note, the document opens fine in Microsoft Word, and oletools has no
> issues dumping out the macros.
>
badmacro.ndb is picking up these (Sanesecurity.Badmacro.Doc.df).... and
yep, sigtool doesn't seem to dump the macro.... but clamscan will extract
the macro files ok.

Cheers,

Steve
Web : sanesecurity.com
Twitter: @sanesecurity



