On 12/22/2020 5:51 PM, Joe Acquisto-j4 wrote:
> Quite new to clamav. Using with Spamassassin on Linux and it appears to scan
> properly and detects EICAR as an attachment.
>
> For last several weeks have been getting SPAM with xlsm file attached, claiming to be
> invoice or payment receipt or whatever. "Please open" sort of messages.
>
> Since these are macro enabled, and clearly have no validity in my context, one
> presumes malicious intent. ClamAV does not detect any evil thing-lets, but
> then, I have scanned the files with other AV products and they do not detect
> anything either.
>
> So, why do I worry? Am I deluded as to the potential danger or have I simply
> failed to properly inform the AV products, ClamAV specifically, to inspect
> these files properly? Or, must I add additional (signature?) packages I am not
> aware of?
>
> joe a.

Joe, you might look at enabling the OLEVBMacro plugin and adding the KAM
Ruleset, https://mcgrail.com/template/kam.cf_channel, which has rules to
help combat these types of spam emails.
Regards,
KAM