I'm having this same issue. The problem as I see it is that the .doc attached to these "Invoice" messages is encrypted and clamav does not see what's inside. I'm discussing this encrypted attachment issue in my thread, subject: "password protected encrypted .docx files". I'm continuing to research this.
--Mark

On Wed, 15 Nov 2017 15:09:59 -0300
Emanuel <emanuel.gonza...@donweb.com> wrote:

> Other virus not detected
>
> https://www.virustotal.com/#/file/6b7b11077b2bcdbce94eff73722a4f78103d2e87bd4331654bc65c0daeb176dd/detection
>
> On 14/11/17 at 09:52, Emanuel wrote:
> > Scan the attachment, clamav does not detect this file.
> >
> > On 14/11/17 at 09:51, Al Varnell wrote:
> >> You mentioned two attachments. Kaspersky and ClamXAV appear to catch
> >> the first one, but neither catch the second one you showed us. The
> >> SHA256 for a file is the same no matter what scanner is used.
> >>
> >> -Al-
> >>
> >> On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote:
> >>> the first scan is with kaspersky online
> >>>
> >>> On 14/11/17 at 09:31, Al Varnell wrote:
> >>>> That's not the same file you showed before. The SHA256 is different.
> >>>>
> >>>> -Al-
> >>>>
> >>>> On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:
> >>>>> Please see
> >>>>>
> >>>>> https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/
> >>>>>
> >>>>> On 14/11/17 at 09:00, Al Varnell wrote:
> >>>>>> According to VirusTotal, ClamAV does detect it as
> >>>>>> Doc.Dropper.Agent-6369707-0
> >>>>>> <https://www.virustotal.com/en/file/142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf/analysis/>
> >>>>>> but go ahead and try to submit it anyway.
> >>>>>>
> >>>>>> -Al-
> >>>>>>
> >>>>>> On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>> I received two doc files in an email with the Subject "Invoice".
> >>>>>>> The attachment is a malware virus; clamav did not detect this.
> >>>>>>>
> >>>>>>> Scan with kaspersky
> >>>>>>>
> >>>>>>> Scan result
> >>>>>>> File is infected
> >>>>>>> Detected threats
> >>>>>>> Trojan-Downloader.MSWord.Agent.bqx
> >>>>>>> File size
> >>>>>>> 144.95 KB
> >>>>>>> File type
> >>>>>>> OOXML/DOCUMENT
> >>>>>>> Scan date
> >>>>>>> Nov 14 2017 08:15:42
> >>>>>>> Databases release date
> >>>>>>> Nov 14 2017 10:36:04 UTC
> >>>>>>> MD5
> >>>>>>> 70bdc39f8f57e090bebc4616924cdadc
> >>>>>>> SHA1
> >>>>>>> ecf414f8523627a0d5d6637041f6e1e3bbcee62e
> >>>>>>> SHA256
> >>>>>>> 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf
> >>>>>>>
> >>>>>>> Is it possible to manually add this virus to the clamav database?
>
> --
> Emanuel Gonzalez
> Deliverability Specialist
> emanuel.gonza...@donweb.com
> www.envialosimple.com

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
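
Added example, not part of the thread and not ClamAV code: a mail filter can flag the kind of attachment Mark describes without decrypting it, because a password-protected OOXML document is no longer a ZIP but an OLE2/CFB container holding `EncryptionInfo` and `EncryptedPackage` streams. The function names and `build_sample` (which constructs a synthetic container for testing) are hypothetical; legacy binary .doc encryption is not covered.

```python
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # OLE2 / Compound File signature
ENDOFCHAIN, FREESECT, FATSECT = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD

def cfb_entry_names(data):
    """Return the directory entry names of a CFB file, or None if not parseable."""
    try:
        shift, = struct.unpack_from("<H", data, 30)
        if data[:8] != CFB_MAGIC or shift not in (9, 12):   # 512/4096-byte sectors
            return None
        size = 1 << shift
        first_dir, = struct.unpack_from("<I", data, 48)
        fat = []
        # Only the 109 DIFAT slots in the header are followed (files up to ~6.8 MB).
        for sect in struct.unpack_from("<109I", data, 76):
            if sect == FREESECT:
                break
            fat.extend(struct.unpack_from("<%dI" % (size // 4), data, (sect + 1) * size))
        names, sect, seen = [], first_dir, set()
        while sect < len(fat) and sect not in seen:          # follow directory chain
            seen.add(sect)
            for off in range((sect + 1) * size, (sect + 2) * size, 128):
                nlen, kind = struct.unpack_from("<HB", data, off + 64)
                if kind and 2 <= nlen <= 64:                 # skip unallocated entries
                    names.append(data[off:off + nlen - 2].decode("utf-16-le", "replace"))
            sect = fat[sect]
        return names
    except struct.error:                                     # truncated or malformed
        return None

def is_encrypted_ooxml(data):
    """True when the container holds the two streams of a password-protected OOXML file."""
    names = cfb_entry_names(data)
    return names is not None and {"EncryptionInfo", "EncryptedPackage"} <= set(names)

def build_sample(stream_names):
    """Constructed test input: minimal CFB v3 image (header, 1 FAT sector, 1 dir sector)."""
    def entry(name, kind):
        raw = (name + "\0").encode("utf-16-le")
        return raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), kind) + bytes(61)
    header = (CFB_MAGIC + bytes(16)
              + struct.pack("<5H6x9I", 0x3E, 3, 0xFFFE, 9, 6,
                            0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
              + struct.pack("<109I", 0, *[FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    directory = b"".join([entry("Root Entry", 5)] + [entry(n, 2) for n in stream_names])
    return header + fat + directory.ljust(512, b"\0")
```

An ordinary ZIP-based .docx returns False here because it is not a CFB container; only the encrypted wrapper is flagged, which a gateway can then quarantine or route for manual review.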