At present, only encrypted PDFs will alert using AlertEncryptedDoc.  In the 
future, I would like to detect encryption in other document formats.

I realize it seems a little silly that the feature only works for PDFs at this 
time, so here is a little context.  In 0.100, the only option was 
ArchiveBlockEncrypted.  ArchiveBlockEncrypted, despite what the name implies, 
will alert on both encrypted archives and encrypted PDFs.  Separating the 
options was done at the request of users who have been using 
ArchiveBlockEncrypted in a mail filtering application and were frustrated that 
their encrypted payroll documents were getting blocked, but did not want to 
allow potentially malicious encrypted archives.  For 0.101, we separated 
ArchiveBlockEncrypted into AlertEncryptedDoc and AlertEncryptedArchive, 
retaining the more generic AlertEncrypted option for users who would want to 
continue using a single option.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 1, 2018, at 2:43 PM, Paul <p...@netpresto.co.uk> wrote:

Hi

Should I be seeing encrypted (password protected) MS Office docx files detected 
with "AlertEncryptedDoc true"?

Regards Paul


_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Please submit your patches to our Bugzilla: http://bugzilla.clamav.net

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
