Alex wrote on 2023-12-29 14:41:
Hi,
Barracuda recently announced they've identified a vulnerability in the
Spreadsheet::Excel library used by amavis in their appliances. I
didn't realize they were still using amavis and open source (and
presumably spamassassin?).
https://www.barracuda.com/company/legal/esg-vulnerability
this link provides Yara rules that can be used in the clamav database dir
I don't have this library on my system - is there a plugin that
enables parsing of Excel spreadsheets for malicious code? I realize
there is the ExtractText plugin, and although it doesn't actually work
to identify any potentially malicious code within an Excel file, it
does look to be much more comprehensive and capable.
https://www.techtarget.com/searchsecurity/news/366564654/Another-Barracuda-ESG-zero-day-flaw-exploited-in-the-wild
amavisd can block xls files, if not wanted
a more long-term solution is to add the malware to clamav if possible, sadly not
easy :/
test malware on virustotal.com and hope AV vendors add it to their
databases of malware, sadly clamav doesn't get it :/