Default clam sigs obviously are not catching these, but wondering if anyone has them included in a third party that rather FP friendly.
I also just tested a yara from here, and it seems to work, but not certain about FPs from it either. https://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-co ntaining-macro/ Anyone have a suggestion? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
