[clamav-users] swift.doc Doc.Dropper.Agent-1776597
Joel Esler (jesler)
jesler at cisco.com
Wed Oct 19 10:12:50 EDT 2016
Heino,
Can you clarify which sig caught it?
Doc.Dropper.Agent-177659 is not an actual sig number.
--
Joel Esler | Talos: Manager| jesler at cisco.com<mailto:jesler at cisco.com>
On Oct 19, 2016, at 10:08 AM, Steve Basford <steveb_clamav at sanesecurity.com<mailto:steveb_clamav at sanesecurity.com>> wrote:
On Wed, October 19, 2016 3:05 pm, Joel Esler (jesler) wrote:
So to be clear, it is not detected or it is detected?
I think here's saying...
* It *should* have been blocked with OLE2BlockMacros yes option but *wasn't*
* It is now detected as Doc.Dropper.Agent-177659
--
Cheers,
Steve
Twitter: @sanesecurity
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list