[clamav-users] ClamAV to detect exploits for the Equation Editor vulnerability in DOC files

G.W. Haywood clamav at jubileegroup.co.uk
Sat Jan 23 13:25:47 UTC 2021


Hi there,

On Fri, 22 Jan 2021, Chaminda Indrajith via clamav-users wrote:

> Mainly, we get these viruses via E-mail. ...

Can I assume that it's clamd which scans these emails?

> OLE2BlockMacros = "yes"

There are other settings which you might want to investigate.  See
for example the 'Alert...' options in the clamd.conf man page which
mostly default to 'no'.

> mail/clamav-milter.conf not found

If you do not use clamav-milter, what takes the message from the mail
server and presents it to clamd?  Do you have evidence that clamd at
least finds some threats (of whatever kind) in your incoming mail?

> Database information
> ...

A good selection of signatures. :)

> [root@mailin-04 ~]# cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)

Shame about CentOS. :(

> I can put the viruses in an FTP server and share them with you.

Please do.  Please provide the files as complete original email
messages, not just as the attached files (and let me know where
I can find them of course. :)

> Usually, I forward the virus mails to Sanesecurity.

+1

You might want to send them to the ClamAV team too, and perhaps
also to Securiteinfo - the maintainer of those signatures has
occasionally asked on this list for samples to be sent to him.
The ClamAV team is more interested in malware/phishing than spam.

It can be onerous to make many submissions; I'm working on a system
which automates it to some extent, but it's not yet ready to publish.

> I hope that I have provided sufficient information for you.

We're getting there. :)

> Thanks for your support.

You're welcome.

-- 

73,
Ged.
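
Added example, not part of the original message and not ClamAV project code: a small Python audit that reports which 'Alert...' options from the clamd.conf man page are enabled, disabled or unset, reading either clamd.conf lines or the `Name = "value"` form that clamconf prints (as in the quoted OLE2BlockMacros line). The function names and the sample configuration are constructed for illustration; mapping the legacy name OLE2BlockMacros to AlertOLE2Macros and treating clamconf's "disabled" as off are assumptions stated in the comments.

```python
import re

# 'Alert...' options listed in the clamd.conf man page of recent ClamAV releases.
ALERT_OPTIONS = (
    "AlertBrokenExecutables", "AlertBrokenMedia", "AlertEncrypted",
    "AlertEncryptedArchive", "AlertEncryptedDoc", "AlertExceedsMax",
    "AlertOLE2Macros", "AlertPartitionIntersection",
    "AlertPhishingCloak", "AlertPhishingSSLMismatch",
)
# Assumption: the older spelling quoted in the thread maps to the current name.
LEGACY_NAMES = {"OLE2BlockMacros": "AlertOLE2Macros"}
ON = {"yes", "true", "1"}
# Assumption: clamconf prints "disabled" for a boolean option that is off.
OFF = {"no", "false", "0", "disabled"}
# Matches 'Name value' (clamd.conf) and 'Name = "value"' (clamconf output).
LINE = re.compile(r'^(\w+)\s*=?\s*"?([^"\s]*)"?')

def audit_alert_options(conf_text):
    """Return {option: 'enabled' | 'disabled' | 'unset' | 'invalid'}."""
    state = {name: "unset" for name in ALERT_OPTIONS}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        m = LINE.match(line)
        if not m:
            continue
        name = LEGACY_NAMES.get(m.group(1), m.group(1))
        if name not in state:                  # not an Alert option
            continue
        value = m.group(2).lower()
        # Simplification: a later line overwrites an earlier one here.
        state[name] = ("enabled" if value in ON
                       else "disabled" if value in OFF else "invalid")
    return state

def not_enabled(conf_text):
    """Alert options worth reviewing: everything not explicitly enabled."""
    return sorted(n for n, s in audit_alert_options(conf_text).items()
                  if s != "enabled")

# Constructed sample input, not taken from the original poster's system.
SAMPLE_CONF = """\
# constructed sample
LocalSocket /run/clamd.scan/clamd.sock
OLE2BlockMacros = "yes"
AlertEncrypted no
  # AlertBrokenExecutables yes
AlertPhishingCloak true
"""

if __name__ == "__main__":
    for name, status in sorted(audit_alert_options(SAMPLE_CONF).items()):
        print(f"{name:28} {status}")
```

An option reported as "unset" falls back to clamd's built-in default, which the man page gives for each option.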


