Hi Steve,
On Mon, 22 Aug 2016, Steve Basford wrote:
3rd Party sigs: phish.ndb, foxhole_filename.cdb, foxhole_generic.cdb,
foxhole_js.cdb can usually block these script type nasties.
We've been using phish.ndb for some years. The version used to scan
the message was last updated on 18th August and didn't catch it.
Until now we haven't used the foxhole databases, so yesterday I
configured the three you mentioned and scanned the attachment:
8<----------------------------------------------------------------------
mail5:~$ >>> clamdscan /tmp/Delivery_Notification_0000219550.zip
/tmp/Delivery_Notification_0000219550.zip: Sanesecurity.Foxhole.Zip_fs351.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.012 sec (0 m 0 s)
8<----------------------------------------------------------------------
Thanks once again for all your efforts Steve. :)
--
73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
