ClamAV doesn't have the ability at present to signature on scan target filenames, with the exception of the names of files in archives. ClamAV uses the filenames a little more in 0.101+, but historically the scanning engine hasn't had access to filenames, only file content.
Micah

On 7/10/19, 3:05 AM, "clamav-users on behalf of Dave Howe via clamav-users" <[email protected] on behalf of [email protected]> wrote:

On 10/07/2019 07:59, Virgo Pärna via clamav-users wrote:
> Lately there have been several malware rtf files with doc
> extension, that I have received by e-mail and that are not immediately
> recognized by clamav. From virustotal scan they appear to be RTF bug
> exploits.
> Since clamav has special type support for rtf, would it be
> possible to write custom rule to block rtf files with doc extension?

Noting I often rename rtf files to doc - because when someone insists on a "word doc" and you send them a .rtf, when they complain you sent them the "wrong thing" you are in a lose/lose situation (if you correct them, they resent it, if you don't, they think you did something wrong)

_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
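Added example, not part of the thread and not ClamAV code: since the engine cannot match on the scan target's filename, the name-versus-content comparison asked about above can run as a separate mail-filter step. This sketch assumes the filter sees the raw message; the function names and the sample message are constructed for illustration.

```python
import email
import email.policy
import os
from email.message import EmailMessage

# Leading bytes of the containers that usually carry these extensions.
MAGIC = (
    (b"{\\rt", "rtf"),                              # Word opens "{\rt...", not only "{\rtf1"
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy binary .doc
    (b"PK\x03\x04", "zip"),                         # OOXML (.docx) container
)
EXPECTED = {".doc": "ole2", ".rtf": "rtf", ".docx": "zip"}

def sniff(data: bytes) -> str:
    """Classify content by magic bytes, ignoring the filename entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def mismatched_attachments(raw: bytes):
    """Return (filename, actual_type) where content disagrees with the extension."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        actual = sniff(part.get_payload(decode=True) or b"")
        if ext in EXPECTED and actual != EXPECTED[ext]:
            hits.append((name, actual))
    return hits

def build_sample() -> bytes:
    """Constructed message: one RTF named .doc and one genuine OLE2 .doc."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"{\\rtf1\\ansi hello}", maintype="application",
                     subtype="msword", filename="invoice.doc")
    m.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 16,
                     maintype="application", subtype="msword", filename="report.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for name, actual in mismatched_attachments(build_sample()):
        print(f"{name}: content is {actual}")
```

A hit only says the name and the content disagree. As the quoted reply points out, people rename .rtf to .doc for ordinary reasons, so the result suits quarantine or review rather than an outright block.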
