[clamav-users] [External] xlsm files
Joe Acquisto-j4
joea at j4computers.com
Tue Dec 22 23:08:02 UTC 2020
>> On 12/22/2020 5:51 PM, Joe Acquisto-j4 wrote:
>> Quite new to clamav. Using with Spamassassin on Linux and it appears to
>> scan properly and detects EICAR as an attachment.
>>
>> For last several weeks have been getting SPAM with xlsm file attached,
>> claiming to be invoice or payment receipt or whatever. "Please open" sort of
>> messages.
>>
>> Since these are macro enabled, and clearly have no validity in my context,
>> one presumes malicious intent. ClamAV does not detect any evil thing-lets,
>> but then, I have scanned the files with other AV products and they do not
>> detect anything either.
>>
>> So, why do I worry? Am I deluded as to the potential danger or have I
>> simply failed to properly inform the AV products, ClamAV specifically, to
>> inspect these files properly? Or, must I add additional (signature?)
>> packages I am not aware of?
>>
>> joe a.
>>
> Joe, you might look at enabling the OLEVBMacro plugin and adding the KAM
> Ruleset, https://mcgrail.com/template/kam.cf_channel, which has rules to
> help combat these type of spam emails.
>
> Regards,
> KAM
>
Kevin, I hesitate to ask here, but, you refer to SA I believe? I've been lurking there regarding the KAM discussion.
joe a.
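
An added example, not part of the original thread: since the xlsm attachments described above pass signature scanning, a structural check can still flag them as macro-carrying. The sketch below inspects an OOXML (ZIP) container for a VBA project part and macro-enabled content types; the function names and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

# Content-type strings OOXML uses for macro-enabled documents and VBA parts.
MACRO_MARKERS = (b"macroEnabled", b"application/vnd.ms-office.vbaProject")
MAX_TYPES_SIZE = 1 << 20  # do not inflate an oversized [Content_Types].xml


def ooxml_macro_indicators(data):
    """Return a list of reasons the bytes look like a macro-carrying OOXML file."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a ZIP container, so not OOXML
    reasons = []
    with zf:
        names = zf.namelist()
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                reasons.append("VBA project part: " + name)
        ct = "[Content_Types].xml"
        if ct in names and zf.getinfo(ct).file_size < MAX_TYPES_SIZE:
            types = zf.read(ct)
            for marker in MACRO_MARKERS:
                if marker in types:
                    reasons.append("content type: " + marker.decode())
    return reasons


def build_sample(with_macro):
    """Build a constructed, minimal OOXML-like ZIP in memory (not a real workbook)."""
    main = "application/vnd.ms-excel.sheet.macroEnabled.main+xml" if with_macro \
        else "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
    types = '<Types><Override PartName="/xl/workbook.xml" ContentType="%s"/>' % main
    if with_macro:
        types += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    types += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder, constructed bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro", build_sample(True)), ("clean", build_sample(False))):
        print(label, ooxml_macro_indicators(blob))
```

The check works on file content, so it gives the same answer when an xlsm attachment has been renamed to xlsx.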