[clamav-users] swift.doc Doc.Dropper.Agent-1776597

Joel Esler (jesler) jesler at cisco.com
Wed Oct 19 10:05:44 EDT 2016


So to be clear, it is not detected or it is detected?


--
Joel Esler | Talos: Manager| jesler at cisco.com<mailto:jesler at cisco.com>





On Oct 19, 2016, at 9:50 AM, Heino Backhaus <heino.backhaus at fink-computer.de<mailto:heino.backhaus at fink-computer.de>> wrote:

Hello List,

we've received totay early in the morning mails with a word document
containing a malicius macro,
which was not detected by clamav. It is now detected as
Doc.Dropper.Agent-177659.
I've set up clamd with the OLE2BlockMacros yes option which normaly
works fine, but not with this file.
Even though i've reported this as a bug, i just whanted to ask if
somebody knows more about this.

--
Mit freundlichen Gruessen

H. Backhaus

Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de<mailto:heino.backhaus at fink-computer.de>
Web: www.fink-computer.de<http://www.fink-computer.de>
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink

"In retrospect it becomes clear that hindsight is definitely overrated!"

 -Alfred E. Neumann

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



More information about the clamav-users mailing list