[clamav-users] ClamAV to detect exploits for the Equation Editor vulnerability in DOC files
Chaminda Indrajith
indrajith at sltidc.lk
Sat Jan 23 17:18:23 UTC 2021
Hi,
> Mainly, we get these virus via E-mail. ...
Can I assume that it's clamd which scans these emails?
Yes. Clamd scans the e-mails.
> OLE2BlockMacros = "yes"
There are other settings which you might want to investigate. See for
example the 'Alert...' options in the clamd.conf man page which mostly
default to 'no'.
I will check the Alert option in Clamd.conf.
> mail/clamav-milter.conf not found
If you do not use clamav-milter, what takes the message from the mail server
and presents it to clamd? Do you have evidence that clamd at least finds
some threats (of whatever kind) in your incoming mail?
I use MailScanner, and MailScanner takes the message from postfix and presents
it to clamd. Yes, I have the evidence that Clamd finds threats, but it
cannot detect some of the threats.
> I can put the viruses in a FTP server and share them with you.
Please do. Please provide the files as complete original email messages,
not just as the attached files (and let me know where I can find them of
course. :)
I will share the complete messages that are stored by MailScanner and I will
share the FTP access details separately. Daily I will share the threats that
were not detected by Clamd.
> Usually, I forward the virus mails to Sanesecurity.
+1
You might want to send them to the ClamAV team too, and perhaps also to
Securiteinfo - the maintainer of those signatures has occasionally asked on
this list for samples to be sent to him.
The ClamAV team is more interested in malware/phishing than spam.
How can I share the threats with the ClamAV Team? Can I share the same FTP
access details?
Thanks again for your great explanation and support.
Regards
Chaminda Indrajith