[clamav-users] [External] xlsm files
Kevin A. McGrail
kmcgrail at pccc.com
Tue Dec 22 22:57:36 UTC 2020
On 12/22/2020 5:51 PM, Joe Acquisto-j4 wrote:
> Quite new to clamav. Using with Spamassassin on Linux and it appears to scan properly and detects EICAR as an attachment.
>
> For last several weeks have been getting SPAM with xlsm file attached, claiming to be invoice or payment receipt or whatever. "Please open" sort of messages.
>
> Since these are macro enabled, and clearly have no validity in my context, one presumes malicious intent. ClamAV does not detect any evil thing-lets, but then, I have scanned the files with other AV products and they do not detect anything either.
>
> So, why do I worry? Am I deluded as to the potential danger or have I simply failed to properly inform the AV products, ClamAV specifically, to inspect these files properly? Or, must I add additional (signature?) packages I am not aware of?
>
> joe a.
>
Joe, you might look at enabling the OLEVBMacro plugin and adding the KAM
Ruleset, https://mcgrail.com/template/kam.cf_channel, which has rules to
help combat these types of spam emails.
Regards,
KAM