[clamav-users] Ppt.Exploit.CVE_2017_0199-6336815-1 FP?
Al Varnell
alvarnell at mac.com
Thu Oct 5 08:49:26 UTC 2017
Please don't include signatures that apply to "Any File" in an e-mail as it was detected as infected upon arrival and could easily be blocked by intermediate mail servers.
-Al-
On Thu, Oct 05, 2017 at 01:42 AM, Hajo Locke wrote:
> since yesterday we found a lot of malware called Ppt.Exploit.CVE_2017_0199-6336815-1
> Hitrate is extremly increasing. Currently i believe this is a FP.
> Signature looks short:
> Ppt.Exploit.CVE_2017_0199-6336815-1 <snip>
> This decodes to:
> <snip>
>
> Unfortunately i cant sent samples of found docx-files, because they are privat.
> Anybody else noticed this behaviour?
>
> Thanks,
> Hajo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20171005/afee6db1/attachment.bin>
More information about the clamav-users
mailing list