[clamav-users] Quick question...

Thu Nov 9 23:23:38 UTC 2017

Does anyone know if the DDE payloads in Word documents are getting caught?

I had a customer with a very strange virus, basically it downloaded his inbox and was responding to recipients with an attached Word document.
This was coming from a botnet with the "EHLO localhost” signature.  Spam filters are catching them from SPF, and I haven’t yet analyzed the attachment, so it might just be junk.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300