[clamav-users] Rule for false extension rtf
Dave Howe
davehowe at gmail.com
Wed Jul 10 07:03:52 UTC 2019
On 10/07/2019 07:59, Virgo Pärna via clamav-users wrote:
> Lately there have been several malware rtf files with doc
> extension, that I have received by e-mail and that are not immediately
> recognized by clamav. From virustotal scan they appear to be RTF bug
> exploits.
> Since clamav has special type support for rtf, would it be
> possible to write custom rule to block rtf files with doc extension?
Noting I often rename rtf files to doc - because when someone insists on
a "word doc" and you send them a .rtf, when they complain you sent them
the "wrong thing" you are in a lose/lose situation (if you correct them,
they resent it, if you don't, they think you did something wrong)
More information about the clamav-users
mailing list