Re: [clamav-users] How to get each file status when scan a directory using clamdscan

2016-10-05 Thread Paul Kosinski
Some years ago, before ClamAV had an option to follow symlinks when recursing, I modified the source code to add an option to do that. It was not too much work to do it once, but it got tedious to roll the modifications forward and recompile with every new version, as I like to keep up, even ahead

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 21:09 schrieb Michael Grant: I see a ton of these too. But I also have clients who get password protected documents all the time, so it's a bit difficult to just blanket block all password protected documents you don't need to - they just get an additional score in

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Michael Grant
I see a ton of these too. But I also have clients who get password protected documents all the time, so it's a bit difficult to just blanket block all password protected documents. However, if you look at one of these emails, virtually 100% of the virus emails contain the password to decrypt the

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 20:52 schrieb Dennis Peterson: On 10/5/16 11:37 AM, Alex wrote: Can you explain how you configured systemd to start two instances of the same clamd binary using different config files? Create a second config file and give it a unique name or place it in a different

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Dennis Peterson
On 10/5/16 11:37 AM, Alex wrote: Can you explain how you configured systemd to start two instances of the same clamd binary using different config files? Thanks, Alex # clamd --help Clam AntiVirus Daemon 0.99.2 By The ClamAV Team:

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
> On Oct 5, 2016, at 1:54 PM, Alex wrote: > > Hi, > >> Are you submitting these files to ClamAV? >> >> http://www.clamav.net/reports/malware > > Not always, primarily because the response time has been too long. > I'll try to more attentively submit them. > It

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi, >>> [root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep OLE2BlockMacros >>> OLE2BlockMacros no >>> >>> [root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep OLE2BlockMacros >>> OLE2BlockMacros yes >> >> >> Reindl, I appreciate your input, but I can't just outright reject docs >> with macros.

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 20:02 schrieb Alex: I'm using spamassassin on fedora with amavisd. Is there something that can be done to at least tag them in some way so the end-user knows it's a potential threat? reject attachments with macros or add a clamd instance connected to the clamav-sa-plugin

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi, >> I'm using spamassassin on fedora with amavisd. Is there something that >> can be done to at least tag them in some way so the end-user knows >> it's a potential threat? > > reject attachments with macros or add a clamd instance connected to the > clamav-sa-plugin with a high score as i
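The two-instance setup discussed in this thread (a normal clamd with OLE2BlockMacros no that decides rejection, and a second instance with OLE2BlockMacros yes whose verdict only adds a score) can be driven from a small client. The following is an added example, not code from the thread, from amavisd or from the ClamAV project. It speaks clamd's INSTREAM protocol (zINSTREAM, length-prefixed chunks, a zero-length chunk to finish, NUL-terminated reply) over a Unix socket. The socket paths, the score value and the function names are assumptions; the detection name Heuristics.OLE2.ContainsMacros is the one ClamAV documents for the OLE2BlockMacros option.

```python
"""Added example (not from the thread or the ClamAV project): scan data against
two clamd instances and turn the pair of verdicts into a mail-gateway policy."""
import socket
import struct

# Name ClamAV reports for macro-bearing OLE2 files when OLE2BlockMacros is yes.
MACRO_HEURISTIC = "Heuristics.OLE2.ContainsMacros"

# Assumed socket paths, one per clamd.d config (scan.conf / scan-sa.conf).
NORMAL_SOCKET = "/run/clamd.scan/clamd.sock"
STRICT_SOCKET = "/run/clamd.scan-sa/clamd.sock"


def encode_instream(data: bytes, chunk_size: int = 8192) -> bytes:
    """Frame data for zINSTREAM: the command, NUL, then <u32 big-endian
    length><chunk> repeated, then a zero-length chunk as terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(reply: bytes) -> tuple:
    """Turn b'stream: X FOUND\\0' / b'stream: OK\\0' / an ERROR line into
    (status, detail) with status in {"OK", "FOUND", "ERROR"}."""
    text = reply.rstrip(b"\0").decode("utf-8", "replace")
    head, sep, verdict = text.partition(": ")
    if not sep:                      # e.g. "INSTREAM size limit exceeded. ERROR"
        verdict = head
    if verdict == "OK":
        return ("OK", "")
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    return ("ERROR", verdict)


def scan_stream(socket_path: str, data: bytes, timeout: float = 30.0) -> tuple:
    """Send data to one clamd instance (its LocalSocket) and parse the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(encode_instream(data))
        buf = b""
        while not buf.endswith(b"\0"):   # z-commands are NUL-terminated
            part = s.recv(4096)
            if not part:
                break
            buf += part
    return parse_reply(buf)


def decide(normal: tuple, strict: tuple, macro_score: float = 5.0) -> dict:
    """Policy: a FOUND from the normal instance rejects; the strict instance
    reporting only the macro heuristic adds a score (assumed value) instead of
    rejecting, so legitimate macro documents still get delivered, tagged."""
    n_status, n_detail = normal
    s_status, s_detail = strict
    if n_status == "FOUND":
        return {"action": "reject", "reason": n_detail, "score": 0.0}
    if n_status == "ERROR":
        return {"action": "defer", "reason": n_detail, "score": 0.0}
    if s_status == "FOUND" and s_detail == MACRO_HEURISTIC:
        return {"action": "tag", "reason": s_detail, "score": macro_score}
    if s_status == "FOUND":           # a real signature hit only the strict side saw
        return {"action": "reject", "reason": s_detail, "score": 0.0}
    return {"action": "deliver", "reason": "", "score": 0.0}


if __name__ == "__main__":
    sample = b"not a real document"   # constructed stand-in for an attachment
    try:
        verdict = decide(scan_stream(NORMAL_SOCKET, sample),
                         scan_stream(STRICT_SOCKET, sample))
        print(verdict)
    except OSError as exc:
        print("clamd not reachable at the assumed socket paths:", exc)
```

The policy keeps the ERROR case separate from a clean OK: a size-limit or scanner error from the normal instance should defer the message rather than let it through, which is the failure mode a blanket "reject on FOUND" check silently gets wrong.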

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi, > Are you submitting these files to ClamAV? > > http://www.clamav.net/reports/malware Not always, primarily because the response time has been too long. I'll try to more attentively submit them. Thanks, Alex

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
Alex, Are you submitting these files to ClamAV? http://www.clamav.net/reports/malware -- Joel > On Oct 5, 2016, at 8:21 AM, Alex wrote: > > Hi, > I'm starting to receive emails like this: > > http://pastebin.com/HpvEcT9K > > They're not being caught by clamav or

[clamav-users] clamav not looking in .tbz2 archives?

2016-10-05 Thread Reindl Harald
Content-Type: application/octet-stream MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Scan - 001265480.tbz2" that beast is a valid bzip2 archive and contains a Windows executable. Does clamd not realize that as an archive, or the sanesecurity foxhole rules?
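Whether or not clamd unpacks it, a gateway can check such an attachment itself: ignore the declared Content-Type and file name, look at the bzip2 magic, and peek at the first bytes of each member. The following is an added example, not code from the thread or from the ClamAV project. It handles both a .tbz2 (tar inside bzip2) and a bare bzip2 stream wrapping a single file, reads only two bytes per member, and refuses to inspect oversized members so a decompression bomb cannot exhaust memory. The sample message, its attachment contents and the function names are constructed for the example; only the file name and headers mirror the ones quoted above.

```python
"""Added example (not from the thread or the ClamAV project): find Windows
executables inside a bzip2 attachment without trusting its declared type."""
import bz2
import io
import tarfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BZIP2_MAGIC = b"BZh"   # bzip2 stream header
PE_MAGIC = b"MZ"       # DOS/PE executable header


def is_bzip2(data: bytes) -> bool:
    """Magic check; Content-Type and filename are attacker-controlled."""
    return data[:3] == BZIP2_MAGIC


def executables_in_bzip2(data: bytes, max_member_bytes: int = 16 * 1024 * 1024) -> list:
    """Names of members whose first two bytes are the MZ header.

    Tries the data as a tar-in-bzip2 first; if the bzip2 payload is not a tar
    (tarfile raises ReadError), treats it as a bare compressed file.  Members
    above max_member_bytes are reported but not read.
    """
    if not is_bzip2(data):
        return []
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:bz2") as tf:
            hits = []
            for member in tf:
                if not member.isfile():
                    continue
                if member.size > max_member_bytes:
                    hits.append(member.name + " (oversized, not inspected)")
                    continue
                fh = tf.extractfile(member)
                if fh is not None and fh.read(2) == PE_MAGIC:
                    hits.append(member.name)
            return hits
    except tarfile.ReadError:
        pass  # valid bzip2, but the payload is not a tar archive
    with bz2.BZ2File(io.BytesIO(data)) as fh:   # streaming, no full decompress
        return ["<bzip2 stream>"] if fh.read(2) == PE_MAGIC else []


def suspicious_attachments(raw_message: bytes) -> dict:
    """Map attachment filename -> executables found, for bzip2 attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)   # undoes the base64 transfer encoding
        if payload and is_bzip2(payload):
            report[part.get_filename() or "<unnamed>"] = executables_in_bzip2(payload)
    return report


# ---- constructed test data (not a real sample) ----
def build_tbz2(members: dict) -> bytes:
    """Build an in-memory .tbz2 from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tf:
        for name, content in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_message(attachment: bytes, filename: str) -> bytes:
    """Constructed message carrying the attachment with the quoted headers."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Scan"
    msg.set_content("Please see the attached scan.")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream",
                       filename=filename)
    return bytes(msg)


FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60   # constructed stand-in for a PE file
SAMPLE_TBZ2 = build_tbz2({"Scan - 001265480.exe": FAKE_EXE, "readme.txt": b"hello\n"})
SAMPLE_BARE_EXE = bz2.compress(FAKE_EXE)  # bzip2 of a single file, no tar
SAMPLE_MESSAGE = build_sample_message(SAMPLE_TBZ2, "Scan - 001265480.tbz2")

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE_MESSAGE))
```

In a real gateway the result would feed a reject or a score rather than a print; the two-byte peek is deliberately weak (a renamed executable with a patched header slips past it), which is why it complements rather than replaces the scanner.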

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Steve Basford
On Wed, October 5, 2016 1:21 pm, Alex wrote: > Hi, > I'm starting to receive emails like this: > > > http://pastebin.com/HpvEcT9K > > > They're not being caught by clamav or other virus filters. Is it even > possible to catch encrypted Word docs with a virus scanner? > Sorry this is brief, still

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Arnaud Jacques / SecuriteInfo.com
Hello, > They're not being caught by clamav or other virus filters. Is it even > possible to catch encrypted Word docs with a virus scanner? A signature has been created and will be published today on our 3rd party signatures:

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
Am 05.10.2016 um 14:21 schrieb Alex: I'm starting to receive emails like this: http://pastebin.com/HpvEcT9K They're not being caught by clamav or other virus filters. Is it even possible to catch encrypted Word docs with a virus scanner? I'm using spamassassin on fedora with amavisd. Is

[clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi, I'm starting to receive emails like this: http://pastebin.com/HpvEcT9K They're not being caught by clamav or other virus filters. Is it even possible to catch encrypted Word docs with a virus scanner? I'm using spamassassin on fedora with amavisd. Is there something that can be done to at

Re: [clamav-users] How to get each file status when scan a directory using clamdscan

2016-10-05 Thread Dennis Peterson
You have access to the source code. Make it do what you want that it does not already do. dp On 10/3/16 10:05 AM, crazy thinker wrote: Hi, when I scanned a directory using clamdscan, I could get only the error and virus-infected file statuses in the output, but I would like to see each file

Re: [clamav-users] How to get each file status when scan a directory using clamdscan

2016-10-05 Thread Vladislav Kurz
On 10/03/16 19:05, crazy thinker wrote: > Hi, > > when I scanned a directory using clamdscan, I could get only the error and > virus-infected file statuses in the output, but I would like to see each > file status (including the "OK" status) when I perform a scan over a single > directory / multiple