On Nov 9, 2017, at 3:23 PM, Eric Tykwinski wrote:
> Does anyone know if the DDE payloads in Word documents are getting caught?
>
> I had a customer with a very strange virus, basically it downloaded his inbox
> and was responding to recipients with an attached Word document.
> This was coming from a botnet with the "EHLO localhost" signature. Spam
> filters are catching them from SPF, and I haven’t yet analyzed the
> attachment, so it might just be junk.
>
> Sincerely,
>
> Eric Tykwinski

For those who have not seen the warning:
https://technet.microsoft.com/en-us/library/security/4053440.aspx

Sent from my iPhone

-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
