Hello List,since yesterday we found a lot of malware called Ppt.Exploit.CVE_2017_0199-6336815-1
Hitrate is extremly increasing. Currently i believe this is a FP.
Signature looks short:
Ppt.Exploit.CVE_2017_0199-6336815-1:0:*:736368656d61732e6f70656e786d6c666f726d6174732e6f72672f6f6666696365646f63756d656e74{-500}7363726970743a
This decodes to:
schemas.openxmlformats.org/officedocument{-500}script:Unfortunately i cant sent samples of found docx-files, because they are privat.
Anybody else noticed this behaviour? Thanks, Hajo _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
