[clamav-users] password protected encrypted .docx files
Mark Foley
mfoley at novatec-inc.com
Tue Nov 14 15:45:08 UTC 2017
I found this older message in the archives. I'm receiving a lot of fake
"Invoice" messages with attached encrypted .doc files that run VB scripts and
execute .exe files.
I'd like to block encrypted Word documents. Interestingly, as Reindl Harald
says, ".docx files *are* zip files", but lately I've been getting .doc files
which are really .docx files. KDE Dolphin isn't deceived and opens the
attachment as an archive, but Word in WIN7 goes ahead and opens it as a
document. If I rename the document to .docx, then Dolphin opens it in
LibreOffice.
So, will ArchiveblockEncrypted work on .doc files too? I.e. is clamav smart
enough to look beyond the extension?
Will ArchiveblockEncrypted block *ALL* encrypted archives including zip?
Finally, Dino Edwards wrote:
> Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off by default)
Is that a typo? Did he mean "you can turn ArchiveBlockEncrypted on in
clamd.conf"? Seems like turning this "off" would NOT block encrypted files.
THX --Mark
-----Original Message-----
> Date: Wed, 5 Apr 2017 21:19:47 +0200
> From: Reindl Harald <h.reindl at thelounge.net>
>
> technically .docx *are* zip files
>
> Am 05.04.2017 um 21:08 schrieb Dino Edwards:
> > Didn't realize the ArchiveblockEncrypted included MS Word files. I thought it would be for password protected zip rar and such
> >
> > -----Original Message-----
> > From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Benny Pedersen
> > Sent: Wednesday, April 5, 2017 11:22 AM
> > To: clamav-users at lists.clamav.net
> > Subject: Re: [clamav-users] password protected encrypted .docx files
> >
> > Dino Edwards skrev den 2017-04-05 16:48:
> >> Any way to get clamav to block password protected Microsoft word files?
> >
> > Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off by default)
> >
> > if not working pastebin your clamconf (clamav section only)
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
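
An added example, not part of the original thread and not ClamAV code: Python that names a Word attachment's container from its leading bytes instead of its extension, and reports ZIP members whose encryption flag is set. It relies on the fact (MS-OFFCRYPTO) that an Office-password-protected OOXML file is an OLE2 container holding an `EncryptedPackage` stream; the function names and sample inputs are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc and other CFB files
ZIP_MAGIC = b"PK\x03\x04"                         # .zip and OOXML (.docx)
# CFB directory entries store stream names as UTF-16LE.
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")

def classify(data: bytes) -> str:
    """Name the container from its content; the file name is never consulted."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic substring scan, not a full CFB directory parse.
        return "ole2-encrypted-ooxml" if ENC_STREAM in data else "ole2"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.infolist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        # General-purpose flag bit 0 marks a member as encrypted.
        if any(m.flag_bits & 0x1 for m in members):
            return "zip-encrypted"
        names = {m.filename for m in members}
        return "ooxml" if "[Content_Types].xml" in names else "zip"
    return "unknown"

def name_disagrees(filename: str, kind: str) -> bool:
    """True when the extension claims a different container than the content."""
    ext = filename.lower().rsplit(".", 1)[-1]
    expected = {"doc": ("ole2",), "docx": ("ooxml", "ole2-encrypted-ooxml")}
    return ext in expected and kind not in expected[ext]

def sample_zip(names, encrypted=False) -> bytes:
    """Constructed sample: an in-memory ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "<x/>")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in every central-directory header
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x01
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

if __name__ == "__main__":
    kind = classify(sample_zip(["[Content_Types].xml", "word/document.xml"]))
    print("Invoice.doc ->", kind, "| mismatch:", name_disagrees("Invoice.doc", kind))
```
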