>>On 12/22/2020 5:51 PM, Joe Acquisto-j4 wrote: >> Quite new to clamav. Using with Spamassassin on Linux and it appears to > scan properly and detects EICAR as an attachment. >> >> For last several weeks have been getting SPAM with xlsm file attached, > claiming to be invoice or payment receipt or whatever. "Please open" sort of > messages. >> >> Since these are macro enabled, and clearly have no validity in my context, > one presumes malicious intent. ClamAV does not detect any evil thing-lets, > but then, I have scanned the files with other AV products and they do not > detect anything either. >> >> So, why do I worry? Am I deluded as to the potential danger or have I > simply failed to properly inform the AV products, ClamAV specifically, to > inspect these files properly? Or, must I add additional (signature?) > packages I am not aware of? >> >> joe a. >> > Joe, you might look at enabling the OLEVBMacro plugin and adding the KAM > Ruleset, https://mcgrail.com/template/kam.cf_channel, which has rules to > help combat these type of spam emails. > > Regards, > KAM >
Kevin, I hesitate to ask here, but, you refer to SA I believe? I've been lurking there regarding the KAM discussion. joe a. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
