Actually, there are two so far, added on June 2 and 7:

% sigtool -f CVE_2022_30190-|sigtool --decode-sigs
VIRUS NAME: Win.Exploit.CVE_2022_30190-9951234-1
TDB: Engine:96-255,Container:CL_TYPE_OOXML_WORD,Target:7
LOGICAL EXPRESSION: 0&1&2
 * SUBSIG ID 0
 +-> OFFSET: 0
 +-> SIGMOD: NOCASE
 +-> DECODED SUBSIGNATURE:
<?xml {WILDCARD_ANY_STRING}<relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NOCASE
 +-> DECODED SUBSIGNATURE:
targetmode="external"
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NOCASE
 +-> DECODED SUBSIGNATURE:
target="{WILDCARD_ANY_STRING(LENGTH<=9)}http{WILDCARD_ANY_STRING(LENGTH<=100)}.html!
VIRUS NAME: Win.Exploit.CVE_2022_30190-9951407-0
TDB: Engine:96-255,Container:CL_TYPE_OOXML_XL,Target:7
LOGICAL EXPRESSION: 0&1&2
 * SUBSIG ID 0
 +-> OFFSET: 0
 +-> SIGMOD: NOCASE
 +-> DECODED SUBSIGNATURE:
<?xml {WILDCARD_ANY_STRING}<relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NOCASE
 +-> DECODED SUBSIGNATURE:
targetmode="external"
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NOCASE
 +-> DECODED SUBSIGNATURE:
target="{WILDCARD_ANY_STRING(LENGTH<=8)}http{WILDCARD_ANY_STRING(LENGTH<=100)}.html!

-Al-

> On Jun 9, 2022, at 5:16 AM, Vangelis Katsikaros via clamav-users
> <clamav-users@lists.clamav.net> wrote:
>
> Hi
>
> I am not a security person so I apologize if the question sounds stupid. I'd
> like to ask if there is a signature in the clamav DB to recognise Microsoft
> word documents affected by the "Follina" - CVE-2022-30190 remote code
> execution vulnerability.
>
> Regards
> Vangelis
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
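
An added example, not part of the message above and not ClamAV code: a Python approximation of the three decoded subsignatures and their 0&1&2 logic, applied to each member of an OOXML zip. The regexes stand in for ClamAV's wildcard syntax, and the in-memory documents and `example.invalid` targets are constructed, inert samples.

```python
import io
import re
import zipfile

# Regex stand-ins for the decoded subsignatures (all three are NOCASE).
RELS_NS = rb'<relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
SUBSIG0 = re.compile(rb'<\?xml .*?' + re.escape(RELS_NS), re.I | re.S)  # OFFSET: 0
SUBSIG1 = re.compile(rb'targetmode="external"', re.I)                    # OFFSET: ANY

def subsig2(prefix_max):
    # target="{<=prefix_max}http{<=100}.html!
    # prefix_max is 9 in the OOXML_WORD signature and 8 in the OOXML_XL one.
    return re.compile(rb'target=".{0,%d}http.{0,100}\.html!' % prefix_max, re.I | re.S)

def matches(data, prefix_max=9):
    """LOGICAL EXPRESSION 0&1&2: all three subsignatures must hit."""
    return bool(SUBSIG0.match(data)            # match() anchors at offset 0
                and SUBSIG1.search(data)
                and subsig2(prefix_max).search(data))

def scan_ooxml(blob, prefix_max=9):
    """Return the names of members inside an OOXML (zip) file that match."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [n for n in zf.namelist() if matches(zf.read(n), prefix_max)]

def make_docx(target):
    """Build a constructed, minimal OOXML-like zip with one external relationship."""
    rels = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="urn:example:constructed" '
            f'Target="{target}" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()

SUSPECT = make_docx("https://example.invalid/a.html!")  # external target ending in .html!
BENIGN = make_docx("https://example.invalid/a.html")    # ordinary external hyperlink

if __name__ == "__main__":
    print("suspect:", scan_ooxml(SUSPECT))
    print("benign: ", scan_ooxml(BENIGN))
```

The benign sample shows why subsignature 2 matters: an external relationship alone is common in ordinary documents, and only the `.html!` suffix on the target makes all three conditions true.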