Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-21 Thread Steven Morgan
The problem report for this issue is https://bugzilla.clamav.net/show_bug.cgi?id=11651.

Steve

On Wed, Oct 19, 2016 at 5:29 PM, Joel Esler (jesler) wrote:
> Yup, that’s one of mine. Glad to see my system is working ;)
>
> As far as why it didn’t work, I’ll have to defer this

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
Yup, that’s one of mine. Glad to see my system is working ;)

As far as why it didn’t work, I’ll have to defer this to Steve on the dev team.

--
Joel Esler | Talos: Manager| jes...@cisco.com

On Oct 19, 2016, at 10:16 AM, Steve Basford

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Steve Basford
On Wed, October 19, 2016 3:12 pm, Joel Esler (jesler) wrote:
> Heino,
>
> Can you clarify which sig caught it?
>
> Doc.Dropper.Agent-177659 is not an actual sig number.

Damn cut and paste... it's: Doc.Dropper.Agent-1776597 (a hash)

--
Cheers,
Steve
Twitter: @sanesecurity

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Joel Esler (jesler)
Heino,

Can you clarify which sig caught it?

Doc.Dropper.Agent-177659 is not an actual sig number.

--
Joel Esler | Talos: Manager| jes...@cisco.com

On Oct 19, 2016, at 10:08 AM, Steve Basford >

Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Steve Basford
On Wed, October 19, 2016 3:05 pm, Joel Esler (jesler) wrote:
> So to be clear, it is not detected or it is detected?

I think he's saying...

* It *should* have been blocked with OLE2BlockMacros yes option but *wasn't*
* It is now detected as Doc.Dropper.Agent-177659

--
Cheers,
Steve

[clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-19 Thread Heino Backhaus
Hello List,

we've received today early in the morning mails with a word document containing a malicious macro, which was not detected by clamav. It is now detected as Doc.Dropper.Agent-177659. I've set up clamd with the OLE2BlockMacros yes option which normally works fine, but not with this file.