[clamav-users] swift.doc Doc.Dropper.Agent-1776597

Joel Esler (jesler) jesler at cisco.com
Wed Oct 19 10:12:50 EDT 2016


Heino,

Can you clarify which sig caught it?

Doc.Dropper.Agent-177659 is not an actual sig number.


--
Joel Esler | Talos: Manager| jesler at cisco.com<mailto:jesler at cisco.com>





On Oct 19, 2016, at 10:08 AM, Steve Basford <steveb_clamav at sanesecurity.com<mailto:steveb_clamav at sanesecurity.com>> wrote:


On Wed, October 19, 2016 3:05 pm, Joel Esler (jesler) wrote:
So to be clear, it is not detected or it is detected?

I think here's saying...

* It *should* have been blocked with OLE2BlockMacros yes option but *wasn't*
* It is now detected as Doc.Dropper.Agent-177659

--
Cheers,

Steve
Twitter: @sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list