Re: [clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Joel Esler (jesler) 
This signature was fixed this morning.

Sent from my iPhone

On Oct 5, 2017, at 5:03 PM, Al Varnell 
> wrote:

Please don't include signatures that apply to all file types in your email to 
the list as the message gets marked as infected. I'm sure some of the 
intermediate servers will reject the message, as well.

-Al-

On Thu, Oct 05, 2017 at 01:59 PM, Vincent Fox wrote:
Hi,

Getting hits today on this entry in daily.cld.

[root@smtp1 clamav]# sigtool --find-sigs 
Ppt.Exploit.CVE_2017_0199-6336815-1|sigtool --decode-sigs

Thanks!
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Al Varnell 
Please don't include signatures that apply to all file types in your email to 
the list as the message gets marked as infected. I'm sure some of the 
intermediate servers will reject the message, as well.

-Al-

On Thu, Oct 05, 2017 at 01:59 PM, Vincent Fox wrote:
> Hi,
> 
> Getting hits today on this entry in daily.cld.
> 
> [root@smtp1 clamav]# sigtool --find-sigs 
> Ppt.Exploit.CVE_2017_0199-6336815-1|sigtool --decode-sigs
> 
> Thanks!


smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] FP Ppt.Exploit.CVE_2017_0199-6336815-1

2017-10-05 Thread Vincent Fox 
Hi,

Getting hits today on this entry in daily.cld.

[root@smtp1 clamav]# sigtool --find-sigs 
Ppt.Exploit.CVE_2017_0199-6336815-1|sigtool --decode-sigs
VIRUS NAME: Ppt.Exploit.CVE_2017_0199-6336815-1
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
schemas.openxmlformats.org/officedocument{WILDCARD_ANY_STRING(LENGTH<=500)}script:

Thanks!



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml