[clamav-users] signature for cve2017-11882
Jigar
ojigar at gmail.com
Sat Mar 27 16:29:58 UTC 2021
Hello,
In the first week of March 2021, multiple users received emails
with an xlsx attachment containing an exploit for CVE-2017-11882. ClamAV
could not detect it, but other antivirus products like eScan and ESET could
detect it as a malware threat.
In our first attempt, we tried to build the signature and could
do it with the help of an existing infected file. The same was submitted
to ClamAV multiple times, as there were some issues in signature
generation. However, after a few more efforts using debug of the tmp file,
we could generate the signature. The same has been attached for testing
and help, so other ClamAV users can benefit.
We also need guidance:
1. How to identify the correct file to generate the generic signature,
especially if files with different names but the same exploit have been
sent.
With Regards
Jigar Raval
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sig.hdb
Type: application/octet-stream
Size: 170 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210327/7545d170/attachment.obj>
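
An added example, not part of the original post or of ClamAV's own tooling, for the question above: an .hdb hash signature has the form MD5:Size:Name, so it never depends on the attachment's file name, but two xlsx containers hash differently as whole files even when they carry the same embedded object. The sketch hashes each member inside the containers and emits .hdb lines only for members present in every sample and absent from a clean file, assuming the scanner unpacks the container and checks extracted members against hash signatures; all sample bytes, member names and signature names are constructed placeholders.

```python
import hashlib
import io
import zipfile

def make_container(members):
    """Build a zip in memory; constructed stand-in for an .xlsx attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

def member_hashes(container):
    """Return {(md5, size)} for every file stored inside the container."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        for info in z.infolist():
            if not info.is_dir():
                data = z.read(info)
                found.add((hashlib.md5(data).hexdigest(), len(data)))
    return found

def shared_member_sigs(samples, clean, sig_name):
    """.hdb lines for members found in every sample and in no clean file."""
    common = set.intersection(*(member_hashes(s) for s in samples))
    for c in clean:
        common -= member_hashes(c)  # drop boilerplate parts shared with benign files
    return [f"{md5}:{size}:{sig_name}" for md5, size in sorted(common)]

# Constructed data: placeholder bytes, not a real exploit or workbook.
PAYLOAD = b"CONSTRUCTED-EMBEDDED-OBJECT" * 8
TYPES = b"<Types>constructed boilerplate</Types>"
SAMPLES = [
    make_container({"[Content_Types].xml": TYPES, "xl/workbook.xml": b"<a/>",
                    "xl/embeddings/oleObject1.bin": PAYLOAD}),
    make_container({"[Content_Types].xml": TYPES, "xl/workbook.xml": b"<b/>",
                    "xl/embeddings/oleObject1.bin": PAYLOAD}),
]
CLEAN = [make_container({"[Content_Types].xml": TYPES, "xl/workbook.xml": b"<c/>"})]

if __name__ == "__main__":
    # Whole-file hashes differ per sample, so one whole-file line covers one file only.
    for s in SAMPLES:
        print(f"{hashlib.md5(s).hexdigest()}:{len(s)}:Local.Constructed.WholeFile")
    for line in shared_member_sigs(SAMPLES, CLEAN, "Local.Constructed.Embedded"):
        print(line)
```

On real samples, the members hashed here correspond to the temporary files that clamscan keeps when run with --debug --leave-temps.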