Hi there,

On Fri, 22 Jan 2021, Chaminda Indrajith via clamav-users wrote:

> Regularly we receive DOC files which contain viruses.
There are many different ways to solve your problem, but we need a lot more information from you. How do you receive these files?
> These viruses are not detected by ClamAV ...
This is not unusual. Can you let us have your ClamAV configuration? If you're using Linux it's simplest to send the output of clamconf -n but please tell us more about your ClamAV installation - for example what operating system you're using to run it. For more information about what information will be useful see some of my previous posts in the list archives, which can be found for example at https://marc.info/?l=clamav-users&r=1&w=2
> #rtfobj Balance\ Sheet\ .doc ...
On its own this information is not particularly useful. The files you receive do not necessarily give up that information to the scanner without some effort, so we need to see exactly what the scanner sees. Perhaps you can put samples somewhere (safe) on the Web for us to see.
> How can we write customized rules to detect these doc files?
You do not need to do that. You can submit the files to the ClamAV team, and for example to one of the third parties which provide signatures, e.g. Sanesecurity or Securiteinfo. If you submit samples, then in addition to solving your own problem you also provide a useful service to the community:

https://www.clamav.net/contact

If you do want to write your own signatures you should read the documentation. You could for example start with

https://www.clamav.net/documents/creating-signatures-for-clamav

but you might find it easier to deploy Yara rules:

https://www.clamav.net/documents/using-yara-rules-in-clamav

You need to tell us more about how you are using ClamAV. In my first question I asked you how you receive the malicious files. If it's by email then you might want to use ClamAV to filter the incoming mail messages. There are several ways to do that, but I won't go into it until I know a little more about how you're receiving the files.

--
73,
Ged.
