Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 07:30, demonhunter wrote: Samples can be easily generated by creating a blank Word or Excel document, creating an empty macro module with a single empty subroutine, and saving the Word/Excel file as a .docm or .xlsm file. Scanning one of these brand new files against a saved

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-28 Thread demonhunter
>> CONTAINER TYPE: CL_TYPE_ZIP >> CONTAINER SIZE: ANY >> FILENAME REGEX: vbaProject\.bin$ >> COMPRESSED FILESIZE: ANY >> UNCOMPRESSED FILESIZE: ANY >> ENCRYPTION: IGNORED >> FILE POSITION: ANY >> CRC SUM: ANY >> >> >> DH >>

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-28 Thread Kris Deugau
> FILENAME REGEX: vbaProject\.bin$ >> COMPRESSED FILESIZE: ANY >> UNCOMPRESSED FILESIZE: ANY >> ENCRYPTION: IGNORED >> FILE POSITION: ANY >> CRC SUM: ANY >> >> >> DH >> >> >> ----- Original Message - >> From: "Joel Es

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Adnan de Castro Donato
sure, sending right now !!! - Original message - From: "Joel Esler (jesler)" To: "Adnan de Castro Donato" , "clamav-users" Sent: Tuesday, December 27, 2016 18:25:14 Subject: Re: [clamav-users] Probable false positive *.xlsm - Win.Troj

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Al Varnell
UM: ANY > > > DH > > > - Original Message - > From: "Joel Esler (jesler)" > To: "Adnan de Castro Donato" , "ClamAV users ML" > > Sent: Tuesday, December 27, 2016 3:25:14 PM > Subject: Re: [clamav-users] Probable false p

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread demonhunter
r (jesler)" To: "Adnan de Castro Donato" , "ClamAV users ML" Sent: Tuesday, December 27, 2016 3:25:14 PM Subject: Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0 Are you able to submit the files via the website? -- Sent from my Apple W

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Steve basford
#All# macros inside xlsm files are being blocked due to sig blocking of Vbaproject.bin inside. Cheers, Steve Twitter: @sanesecurity On 27 December 2016 20:08:37 Adnan de Castro Donato wrote: In keeping with one false positive reports I have 8 CentOS servers report below after Signature

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Joel Esler (jesler)
Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782 > update: > > All attachme

[clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Adnan de Castro Donato
In keeping with one false positive reports I have 8 CentOS servers report below after Signatures Published daily - 22782 update: All attachment with extension *.xlsm have the same issue: Our content checker found virus: Win.Trojan.Toa-5368540-0 Believe this is a false positive Would lik