[clamav-users] swift.doc Doc.Dropper.Agent-1776597

Joel Esler (jesler) jesler at cisco.com
Wed Oct 19 10:12:50 EDT 2016


Can you clarify which sig caught it?

Doc.Dropper.Agent-177659 is not an actual sig number.

Joel Esler | Talos: Manager| jesler at cisco.com<mailto:jesler at cisco.com>

On Oct 19, 2016, at 10:08 AM, Steve Basford <steveb_clamav at sanesecurity.com<mailto:steveb_clamav at sanesecurity.com>> wrote:

On Wed, October 19, 2016 3:05 pm, Joel Esler (jesler) wrote:
So to be clear, it is not detected or it is detected?

I think here's saying...

* It *should* have been blocked with OLE2BlockMacros yes option but *wasn't*
* It is now detected as Doc.Dropper.Agent-177659


Twitter: @sanesecurity

Help us build a comprehensive ClamAV guide:


More information about the clamav-users mailing list