Heino,

Can you clarify which sig caught it?
Doc.Dropper.Agent-177659 is not an actual sig number.

--
Joel Esler | Talos: Manager | [email protected]

On Oct 19, 2016, at 10:08 AM, Steve Basford <[email protected]> wrote:

On Wed, October 19, 2016 3:05 pm, Joel Esler (jesler) wrote:

So to be clear, it is not detected or it is detected?

I think he's saying...

* It *should* have been blocked with OLE2BlockMacros yes option but *wasn't*
* It is now detected as Doc.Dropper.Agent-177659

--
Cheers,

Steve
Twitter: @sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
