Does anyone know if the DDE payloads in Word documents are getting caught? I had a customer with a very strange virus, basically it downloaded his inbox and was responding to recipients with an attached Word document. This was coming from a botnet with the "EHLO localhost” signature. Spam filters are catching them from SPF, and I haven’t yet analyzed the attachment, so it might just be junk.
Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
