Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-19 Thread Joel Esler (jesler)
Seems logical. bugzilla.clamav.net would be a good place to submit the feature request.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Oct 19, 2016, at 9:57 AM, Heino Backhaus

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-19 Thread Heino Backhaus
Hello, I would like to make a feature request out of this. We've also received mails with password protected office documents. It would be a nice feature to filter them with an option like the "OLE2BlockMacros yes" option. Let's call it OLE2BlockEncryption yes|no. :) With kind regards

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-12 Thread Joel Esler (jesler)
Alex,

I’ll follow up off list to verify what email you submitted them under.

Joel Esler
jes...@cisco.com

On Oct 12, 2016, at 8:21 AM, Alex wrote:

Hi Joel,

On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler)

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-12 Thread Alex
Hi Joel,

On Wed, Oct 5, 2016 at 2:38 PM, Joel Esler (jesler) wrote:
>
>> On Oct 5, 2016, at 1:54 PM, Alex wrote:
>>
>> Hi,
>>
>>> Are you submitting these files to ClamAV?
>>>
>>> http://www.clamav.net/reports/malware
>>
>> Not always, primarily because

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
On 05.10.2016 at 21:09, Michael Grant wrote:
> I see a ton of these too. But I also have clients who get password protected documents all the time, so it's a bit difficult to just blanket block all password protected documents

you don't need to - they just get an additional score in

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Michael Grant
I see a ton of these too. But I also have clients who get password protected documents all the time, so it's a bit difficult to just blanket block all password protected documents. However, if you look at one of these emails, virtually 100% of the virus emails contain the password to decrypt the

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
On 05.10.2016 at 20:52, Dennis Peterson wrote: On 10/5/16 11:37 AM, Alex wrote: Can you explain how you configured systemd to start two instances of the same clamd binary using different config files? Create a second config file and give it a unique name or place it in a different

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Dennis Peterson
On 10/5/16 11:37 AM, Alex wrote:
> Can you explain how you configured systemd to start two instances of the same clamd binary using different config files?
> Thanks, Alex

# clamd --help
Clam AntiVirus Daemon 0.99.2
By The ClamAV Team:

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
> On Oct 5, 2016, at 1:54 PM, Alex wrote:
>
> Hi,
>
>> Are you submitting these files to ClamAV?
>>
>> http://www.clamav.net/reports/malware
>
> Not always, primarily because the response time has been too long.
> I'll try to more attentively submit them.
> It

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi,

>>> [root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep OLE2BlockMacros
>>> OLE2BlockMacros no
>>>
>>> [root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep OLE2BlockMacros
>>> OLE2BlockMacros yes
>>
>>
>> Reindl, I appreciate your input, but I can't just outright reject docs
>> with macros.

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
On 05.10.2016 at 20:02, Alex wrote:
> I'm using spamassassin on fedora with amavisd. Is there something that can be done to at least tag them in some way so the end-user knows it's a potential threat?

reject attachments with macros or add a clamd instance connected to the clamav-sa-plugin

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi,

>> I'm using spamassassin on fedora with amavisd. Is there something that
>> can be done to at least tag them in some way so the end-user knows
>> it's a potential threat?
>
> reject attachments with macros or add a clamd instance connected to the
> clamav-sa-plugin with a high score as i

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi,

> Are you submitting these files to ClamAV?
>
> http://www.clamav.net/reports/malware

Not always, primarily because the response time has been too long. I'll try to more attentively submit them.

Thanks,
Alex

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Joel Esler (jesler)
Alex,

Are you submitting these files to ClamAV?

http://www.clamav.net/reports/malware

--
Joel

> On Oct 5, 2016, at 8:21 AM, Alex wrote:
>
> Hi,
> I'm starting to receive emails like this:
>
> http://pastebin.com/HpvEcT9K
>
> They're not being caught by clamav or

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Steve Basford
On Wed, October 5, 2016 1:21 pm, Alex wrote:
> Hi,
> I'm starting to receive emails like this:
>
>
> http://pastebin.com/HpvEcT9K
>
>
> They're not being caught by clamav or other virus filters. Is it even
> possible to catch encrypted Word docs with a virus scanner?
>

Sorry this is brief, still

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Arnaud Jacques / SecuriteInfo.com
Hello,

> They're not being caught by clamav or other virus filters. Is it even
> possible to catch encrypted Word docs with a virus scanner?

A signature has been created and will be published today on our 3rd party signatures:

Re: [clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Reindl Harald
On 05.10.2016 at 14:21, Alex wrote: I'm starting to receive emails like this: http://pastebin.com/HpvEcT9K They're not being caught by clamav or other virus filters. Is it even possible to catch encrypted Word docs with a virus scanner? I'm using spamassassin on fedora with amavisd. Is

[clamav-users] Encrypted Word doc/phishing attack

2016-10-05 Thread Alex
Hi, I'm starting to receive emails like this: http://pastebin.com/HpvEcT9K They're not being caught by clamav or other virus filters. Is it even possible to catch encrypted Word docs with a virus scanner? I'm using spamassassin on fedora with amavisd. Is there something that can be done to at