On 9 June 2022 13:17:29 Vangelis Katsikaros via clamav-users <clamav-users@lists.clamav.net> wrote:

Hi

I am not a security person so I apologize if the question sounds stupid. I'd like to ask if there is a signature in the clamav DB to recognise Microsoft word documents affected by the "Follina" - CVE-2022-30190 remote code execution vulnerability.

I've added a few signatures into phish.ndb quite a few days ago to detect Follina... including some of the poc versions that use pdf files.

There are some Follina sigs in the official signatures as well.

Hope this is a reassurance.

Cheers,

Steve

Twitter: @sanesecurity