ected documents.
But if you want, have a look in to the thread 'custom extension to
ASSP_AFC'
Thomas
Von:K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 20.10.2016 02:33
Betreff: Re: [Assp-test] Password Protected &q
Hmm - OK - and where is the problem?
- has AFC not detected doc(xm)?
- has AFC not detected MS macros?
Thomas
Von:Grayhat <gray...@gmx.net>
An: assp-test@lists.sourceforge.net
Datum: 19.10.2016 14:46
Betreff: Re: [Assp-test] Password Protected "RTF" Files S
:: On Wed, 19 Oct 2016 13:31:55 +0200
::
::
Thomas Eckardt wrote:
> 4. I'm unable to password protect RTF files (tried office 2003, XP,
> 2013) - password is removed
I suspect
> 4. I'm unable to password protect RTF files (tried office 2003, XP, 2013)
> - password is removed
I suspect the .RTF file is simply a renamed .docx. Word opens and
recognizes the format and doesn't acknowledge the mismatched extension.
- Bob
emoved
3.and 4 may be possible using another software. It would be nice to have
such RTF files.
Thomas
Von:K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 19.10.2016 02:20
Betreff: Re: [Assp-test] Password
:: On Wed, 19 Oct 2016 09:14:44 +0200
:: <20161019091444.5...@gmx.net>
:: Grayhat wrote:
> Ok for the sigs being up-to-date; but my point was about the "extra"
> signatures offered by SaneSecurity, not the regular ones; I found that
> the regular signatures are often
:: On Tue, 18 Oct 2016 11:29:44 -0400
::
:: K Post wrote:
> > I suppose that, since you're talking (ok, writing) about AFC, you're
> > running ClamAV; now... are you using the extra signatures available
> >
Thanks Bob for this research. We should be safe, even if a user opened it
here, but yeah, it's possible that we wouldn't be
So the question remains, can we get AFC modified to reject
encrypted/password protected Office documents - or RTF office files -
altogether? The reasoning is the same
Ok, thanks to Doug and Ken for sending me a sample.
This thing simply installs a Trojan (MBAM calls it "Trojan.Agent.VBS")
and then connects to server(s) to download additional Malware, if the
user opens it, enters the password (and has a version of Word that
recognizes it) and then enables
We are using up to date clamav sigs. The problem is that these files are
encrypted so they're not being detected.
On Tue, Oct 18, 2016 at 11:19 AM, Grayhat wrote:
> :: On Tue, 18 Oct 2016 10:27:10 -0400
> ::
:: On Tue, 18 Oct 2016 17:19:55 +0200
:: <20161018171955.3...@gmx.net>
:: Grayhat wrote:
> :: On Tue, 18 Oct 2016 10:27:10 -0400
> ::
> ::
> K Post wrote:
>
> > VirusTotal has zero
>>> On Oct 18, 2016, at 11:20 AM, K Post nntp.p...@gmail.com wrote:
>>> Doug,
>>> So you're seeing this too! Did it just start this morning?
Yes and that it did.
Doug
--
Check out the vibrant tech community on one of
:: On Tue, 18 Oct 2016 10:27:10 -0400
::
:: K Post wrote:
> VirusTotal has zero hits on the samples that I submitted, but if
> they're encrypted, that explains why...
I suppose that, since you're talking
>>> On Oct 18, 2016, at 11:12 AM, K Post nntp.p...@gmail.com wrote:
>>> organizations (some really big ones too) are seeing this on their mail
>>> systems this morning too.
I took the hammer approach and temporarily put it in the blocked attachment
list.
Doug
Can you stick it in bombRe for now to deal with it?
On Tue, Oct 18, 2016 at 3:50 PM, K Post wrote:
> We're getting slammed with these now. All of the files have
> uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password;> in
> them. Can we block based on
We're getting slammed with these now. All of the files have
http://schemas.microsoft.com/office/2006/keyEncryptor/password;> in
them. Can we block based on content of a file??
I'm guessing this is a new Locky, but now encrypted to scanners don't catch
them.
On Tue, Oct 18, 2016 at 10:27 AM, K
16 matches
Mail list logo