Samples can be easily generated by creating a blank Word or Excel document,
creating an empty macro module with a single empty subroutine, and saving the
Word/Excel file as a .docm or .xlsm file. Scanning one of these brand new files
against a saved copy of the signature shows that it matches (i
Hi,
I noticed this evening that one of my third-party databases was
corrupt and was causing clamd to start. I have a clamav-0.99.2 system
with amavisd-new-2.11.0 on fedora25. I was really hoping someone could
go through my logs below and help me understand what's happened. The
corruption appears to
On Dec 28, 2016, at 2:13 PM, Groach wrote:
> Ok, I know it has already been mentioned before in another 2 threads but it
> seems once again Joel is dismissing the claims or the responsibilities of it
> being damaging to peoples systems (regularly quarantining genuine files and
> emails) and inst
doppelstern aren't used any more but I still mirror the blank files for a
while so people's config don't break.
Cheers,
Steve
Twitter: @sanesecurity
On 28 December 2016 19:57:06 Alex wrote:
Hi Steve,
crdfam.clamav.hdb,pool memory used: 4.355 MB
doppelstern-phishtank.ndb,pool memory use
Hi Steve,
> crdfam.clamav.hdb,pool memory used: 4.355 MB
> doppelstern-phishtank.ndb,pool memory used: 4.355 MB
> doppelstern.hdb,pool memory used: 4.355 MB
> doppelstern.ndb,pool memory used: 4.355 MB
Can you explain what these are for? I don't see these on the signature
description page:
http:
Al Varnell wrote:
> On Dec 27, 2016, at 1:53 PM, demonhunter wrote:
>> Office Open XML file format (.doc(x|m), .xls(x|m), etc.,
>> https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those with
>> macros typically contain an OLE2 file named vbaProject.bin. This signature
>> appear