[clamav-users] Quick question...

Al Varnell alvarnell at mac.com
Fri Nov 10 00:26:44 UTC 2017


On Nov 9, 2017, at 3:23 PM, Eric Tykwinski  wrote:
> Does anyone know if the DDE payloads in Word documents are getting caught?
> 
> I had a customer with a very strange virus, basically it downloaded his inbox and was responding to recipients with an attached Word document.
> This was coming from a botnet with the "EHLO localhost" signature.  Spam filters are catching them from SPF, and I haven’t yet analyzed the attachment, so it might just be junk.
> 
> Sincerely,
> 
> Eric Tykwinski

For those who have not seen the warning:
https://technet.microsoft.com/en-us/library/security/4053440.aspx


Sent from my iPhone

-Al-
-- 
Al Varnell
Mountain View, CA