Hi,

We have a few this morning from a few of our servers too which contain docx files:

thisisasecretfile.docx: Ppt.Exploit.CVE_2017_0199-6336815-1 FOUND

Regards

Simon

> On 5 Oct 2017, at 09:49, Al Varnell <alvarn...@mac.com> wrote:
>
> Please don't include signatures that apply to "Any File" in an e-mail as it
> was detected as infected upon arrival and could easily be blocked by
> intermediate mail servers.
>
> -Al-
>
> On Thu, Oct 05, 2017 at 01:42 AM, Hajo Locke wrote:
>> since yesterday we found a lot of malware called
>> Ppt.Exploit.CVE_2017_0199-6336815-1
>> Hitrate is extremely increasing. Currently I believe this is a FP.
>> Signature looks short:
>> Ppt.Exploit.CVE_2017_0199-6336815-1 <snip>
>> This decodes to:
>> <snip>
>>
>> Unfortunately I can't send samples of found docx-files, because they are
>> private.
>> Anybody else noticed this behaviour?
>>
>> Thanks,
>> Hajo
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml