On Wed 15 Nov 2017 01:14:00 -0800 Al Varnell <alvarn...@mac.com> wrote:
>On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote:
>> I found this older message in the archives. I'm receiving a lot of fake
>> "Invoice" messages with attached encrypted .doc files that run VB scripts and
>> execute .exe files.
>>
>> I'd like to block encrypted Word documents. Interestingly, as Reindl Harald
>> says, ".docx files *are* zip files", but lately I've been getting .doc files
>> which are really .docx files. KDE Dolphin isn't deceived and opens the
>> attachment as an archive, but Word in WIN7 goes ahead and opens it as a
>> document. If I rename the document to .docx, then Dolphin opens it in
>> LibreOffice.
>>
>> So, will ArchiveblockEncrypted work on .doc files too? I.e. is clamav smart
>> enough to look beyond the extension?
>
> In general, yes, clamAV doesn't pay attention to extensions and looks for
> document signatures that are usually at the top of a file to determine file
> type. That being said, I can't confirm exactly how it handles .doc and .docx
> files.
>

Thanks Al. I'll turn this on and experiment. I'll post back my findings. Does
anyone have experience with this?

>-Al-
>
>> Will ArchiveblockEncrypted block *ALL* encrypted archives including zip?
>>
>> Finally, Dino Edwards wrote:
>>
>>> Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's off
>>> by default)
>>
>> Is that a typo? Did he mean "you can turn ArchiveBlockEncrypted on in
>> clamd.conf"? Seems like turning this "off" would NOT block encrypted files.
>>
>> THX --Mark
>>
>> -----Original Message-----
>>> Date: Wed, 5 Apr 2017 21:19:47 +0200
>>> From: Reindl Harald <h.rei...@thelounge.net>
>>>
>>> technically .docx *are* zip files
>>>
>>> On 05.04.2017 at 21:08, Dino Edwards wrote:
>>>> Didn't realize the ArchiveblockEncrypted included MS Word files. I thought
>>>> it would be for password protected zip rar and such
>>>>
>>>> -----Original Message-----
>>>> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Benny Pedersen
>>>> Sent: Wednesday, April 5, 2017 11:22 AM
>>>> To: clamav-users@lists.clamav.net
>>>> Subject: Re: [clamav-users] password protected encrypted .docx files
>>>>
>>>> Dino Edwards wrote on 2017-04-05 16:48:
>>>>> Any way to get clamav to block password protected Microsoft word files?
>>>>
>>>> Yes, it is - you can turn ArchiveBlockEncrypted off in clamd.conf (it's
>>>> off by default)
>>>>
>>>> if not working pastebin your clamconf (clamav section only)
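
An added example, not from the thread and not ClamAV's own code: content-based type detection of the kind discussed above, classifying an attachment by its leading bytes rather than its name and then checking whether the container carries encrypted content. The function names, the constructed sample ZIP, and the byte-search heuristic for an `EncryptedPackage` stream in OLE2 files are assumptions made for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls; also wraps encrypted OOXML
ZIP_MAGIC = b"PK\x03\x04"                        # .zip, .docx, .xlsx, ...
# Stream name used by password-protected OOXML files, stored as UTF-16LE in an OLE2 directory.
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")


def sniff(data: bytes) -> str:
    """Return the container type from the leading bytes, ignoring any file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def is_encrypted(data: bytes) -> bool:
    """True if the container carries encrypted content (heuristic only for OLE2)."""
    kind = sniff(data)
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted member.
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    if kind == "ole2":
        return ENC_STREAM in data  # assumption: a plain byte search, not a real OLE2 parse
    return False


def make_docx_like(encrypted: bool) -> bytes:
    """Constructed sample: a minimal ZIP with OOXML-style member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag in every central-directory entry (flags at offset 8).
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x01
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    # An attachment named "invoice.doc" would be classified by content, not by name.
    for label, blob in [("plain", make_docx_like(False)), ("flagged", make_docx_like(True))]:
        print(label, sniff(blob), is_encrypted(blob))
```
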