Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Joel Esler (jesler)
Doc.Dropper.Agent is automated. Sounds like someone submitted the file to Clamav.net or one of my other automated systems that produces detection. -- Joel Esler | Talos: Manager | jes...@cisco.com On Nov 15, 2017, at 7:09 PM, Al Varnell

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Al Varnell
Yes, both those signatures were added in daily - 24045 last night (my time). -Al- On Wed, Nov 15, 2017 at 01:14 PM, Mark Foley wrote: > > Actually, the clamscanner is now finding these files, so someone must have > updated something since yesterday (which is when these files came in): > >

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain

2017-11-15 Thread micah anderson
micah anderson writes: > X:.+safelinks\.protection\.outlook\.com([/?].*)?:.*([/?].*)?:17 > > but people are still complaining. Did I do this wrong? Looking again at > the documentation, it appears that it should be '17-' instead of '17', > but I'm not sure that matters. Anyone

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Mark Foley
Actually, the clamscanner is now finding these files, so someone must have updated something since yesterday (which is when these files came in): /home/HPRS/matkeson/Maildir/.SENT/cur/1510671208.M989641P17402.mail,S=203527,W=206204:2,S: Doc.Dropper.Agent-6374331-0 FOUND

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Steven Morgan
Mark, Please open a bug report about this issue at bugzilla.clamav.net. Please include your file and we can look into the issues. Thanks, Steve On Wed, Nov 15, 2017 at 2:45 PM, Mark Foley wrote: > I'm going to continue piggybacking onto this thread as it deals with >

Re: [clamav-users] Solaris pkg download

2017-11-15 Thread Yuri
pkgutil -h pkgutil -d CSWclamav -P /tmp On 16.11.2017 2:10, Jones, Bob wrote: > I'm looking for the compiled ClamAV package download for SPARC Solaris 10 and > x86 Solaris 10 if it's available. I have no way to install the pkg directly > from the CSW site using pkgadd - I just need to get the

[clamav-users] Solaris pkg download

2017-11-15 Thread Jones, Bob
I'm looking for the compiled ClamAV package download for SPARC Solaris 10 and x86 Solaris 10 if it's available. I have no way to install the pkg directly from the CSW site using pkgadd - I just need to get the package itself if that's possible. Thanks, Bob Jones The information contained in

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Mark Foley
I'm going to continue piggybacking onto this thread as it deals with Clamav's non-discovery of the malware attached to messages with the subject "Invoice ...". Although, I don't know if this is the same type of attachment. The attachments I've been getting are .docx file named as .doc files. In

Re: [clamav-users] password protected encrypted .docx files

2017-11-15 Thread Mark Foley
OK, I've found something. Encrypted .docx files contain the following strings: http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password"> > >>> scripts and > > >>> execute .exe files. > > >>> > > >>> I'd like to block

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain

2017-11-15 Thread Kris Deugau
micah anderson wrote: I keep having people complaining about False Positives due to Heuristics.Phishing.Email.SpoofedDomain - my research has shown me that the reason this is happening is because of Outlook's "advanced threat protection" which wraps urls in a "safelink" url, I really didn't

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Mark Foley
I'm having this same issue. The problem as I see it is that the .doc attached to these "Invoice" messages is encrypted and clamav does not see what's inside. I'm discussing this encrypted attachment issue in my thread, subject: "password protected encrypted .docx files". I'm continuing to research

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Emanuel
Other virus not detected https://www.virustotal.com/#/file/6b7b11077b2bcdbce94eff73722a4f78103d2e87bd4331654bc65c0daeb176dd/detection On 14/11/17 at 09:52, Emanuel wrote: Scan the attachment, clamav not detect this file. On 14/11/17 at 09:51, Al Varnell wrote: You mentioned two

Re: [clamav-users] password protected encrypted .docx files

2017-11-15 Thread Mark Foley
On Wed, 15 Nov 2017 18:37:36 +0100 (CET) Kees Theunissen wrote: > > On Wed, 15 Nov 2017, Mark Foley wrote: > > >On Wed 15 Nov 2017 01:14:00 -0800 Al Varnell wrote: > > > >>On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote: > >>> I found this older

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain

2017-11-15 Thread micah anderson
Hi, I keep having people complaining about False Positives due to Heuristics.Phishing.Email.SpoofedDomain - my research has shown me that the reason this is happening is because of Outlook's "advanced threat protection" which wraps urls in a "safelink" url, all the details of this monstrosity
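The mechanism micah and Kris describe (Outlook "Safe Links" rewriting every href so that the visible link text and the real href no longer share a domain) can be shown with a small model of the displayed-host versus real-host comparison. This is an added example, not the original post's code and not ClamAV's phishing module; it only reproduces the comparison the heuristic's name implies. Assumed (not stated in the thread): a Safe Links wrapper is a URL on a host under `safelinks.protection.outlook.com` whose `url` query parameter carries the percent-encoded original target. The HTML sample is constructed.

```python
"""Model of a displayed-vs-actual link check, with and without unwrapping
Outlook Safe Links first. Added example; not ClamAV code."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumption: Safe Links hosts sit under this suffix and carry the target in ?url=
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html: str):
    p = _LinkCollector()
    p.feed(html)
    return p.links


def unwrap_safelink(url: str) -> str:
    """Return the original target when url is a Safe Links wrapper, else url."""
    u = urlparse(url)
    if u.hostname and u.hostname.endswith(SAFELINKS_SUFFIX):
        target = parse_qs(u.query).get("url")
        if target:
            return target[0]
    return url


# Host-looking token inside the visible link text (scheme optional).
_URL_IN_TEXT = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def displayed_host(text: str):
    m = _URL_IN_TEXT.search(text)
    return m.group(1).lower() if m else None


def spoofed_links(html: str, unwrap: bool = False):
    """Return (displayed_host, real_host) for links whose two hosts disagree.
    With unwrap=True the Safe Links wrapper is stripped before comparing."""
    out = []
    for href, text in extract_links(html):
        shown = displayed_host(text)
        if shown is None:
            continue  # link text is not a URL, nothing to compare against
        real = urlparse(unwrap_safelink(href) if unwrap else href).hostname
        if real and shown != real.lower():
            out.append((shown, real.lower()))
    return out


# Constructed sample: one Safe Links-wrapped legitimate link, one real spoof.
SAMPLE = (
    '<p>Please review <a href="https://nam01.safelinks.protection.outlook.com/'
    '?url=https%3A%2F%2Fwww.example.com%2Finvoice&amp;data=02%7C01%7C&amp;reserved=0">'
    'https://www.example.com/invoice</a></p>'
    '<p><a href="http://evil.example.net/login">https://www.example.com/login</a></p>'
)

if __name__ == "__main__":
    print("raw:      ", spoofed_links(SAMPLE))
    print("unwrapped:", spoofed_links(SAMPLE, unwrap=True))
```

Without unwrapping, the legitimate wrapped link is reported as a spoof exactly as the thread describes, because the href host is the Safe Links relay; after unwrapping only the genuinely mismatched second link remains. A whitelist entry of the kind micah is writing suppresses the first case; it does nothing for the second, which is the one worth keeping.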

Re: [clamav-users] password protected encrypted .docx files

2017-11-15 Thread Kees Theunissen
On Wed, 15 Nov 2017, Mark Foley wrote: >On Wed 15 Nov 2017 01:14:00 -0800 Al Varnell wrote: > >>On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote: >>> I found this older message in the archives. I'm receiving a lot of fake >>> "Invoice" messages with attached encrypted .doc

Re: [clamav-users] password protected encrypted .docx files

2017-11-15 Thread Mark Foley
On Wed 15 Nov 2017 01:14:00 -0800 Al Varnell wrote: >On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote: >> I found this older message in the archives. I'm receiving a lot of fake >> "Invoice" messages with attached encrypted .doc files that run VB scripts and >> execute .exe

Re: [clamav-users] password protected encrypted .docx files

2017-11-15 Thread Al Varnell
On Tue, Nov 14, 2017 at 07:45 AM, Mark Foley wrote: > I found this older message in the archives. I'm receiving a lot of fake > "Invoice" messages with attached encrypted .doc files that run VB scripts and > execute .exe files. > > I'd like to block encrypted Word documents. Interestingly, as
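Mark's goal in this thread (block encrypted Word documents, which arrive as .docx files named .doc) and the namespace strings he found in them can be turned into a mail-filter check. This is an added example, not code from the thread or from ClamAV. Assumptions it relies on that the thread does not state: a password-protected .docx is stored as an OLE2/CFB container (magic D0 CF 11 E0 A1 B1 1A E1) whose directory lists "EncryptionInfo" and "EncryptedPackage" streams, stream names in that directory are NUL-terminated UTF-16LE, and the agile scheme keeps EncryptionInfo as XML carrying the two schemas.microsoft.com/office/2006 namespaces quoted above. All sample inputs are constructed in the block; none is a real attachment.

```python
"""Classify a Word attachment and flag the password-protected ones.
Added example; not ClamAV code. See the lead-in for the assumptions."""
import struct

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file
ZIP_MAGIC = b"PK\x03\x04"                          # plain OOXML is a ZIP


def _u16(name: str) -> bytes:
    """CFB directory entries store stream names as NUL-terminated UTF-16LE."""
    return name.encode("utf-16-le") + b"\x00\x00"


ENCRYPTION_INFO = _u16("EncryptionInfo")
ENCRYPTED_PACKAGE = _u16("EncryptedPackage")
WORD_DOCUMENT = _u16("WordDocument")
CONTENT_TYPES = b"[Content_Types].xml"

# Namespace strings Mark observed inside the encrypted .docx files.
AGILE_NS = b"http://schemas.microsoft.com/office/2006/encryption"
PASSWORD_NS = b"http://schemas.microsoft.com/office/2006/keyEncryptor/password"


def classify_office_attachment(data: bytes) -> str:
    """One of: ooxml-plain, ooxml-encrypted, ole2-legacy-doc, ole2-unknown,
    zip-other, not-office."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml-plain" if CONTENT_TYPES in data else "zip-other"
    if not data.startswith(CFB_MAGIC):
        return "not-office"
    # Raw scan for directory names instead of walking the FAT: simpler, and a
    # false hit needs the UTF-16 name plus terminator to occur in stream data.
    if ENCRYPTION_INFO in data and ENCRYPTED_PACKAGE in data:
        return "ooxml-encrypted"
    if WORD_DOCUMENT in data:
        return "ole2-legacy-doc"
    return "ole2-unknown"


def ooxml_encryption_scheme(data: bytes):
    """'agile' when EncryptionInfo is the XML form, 'standard' for the older
    binary form, None when the file is not an encrypted package."""
    if classify_office_attachment(data) != "ooxml-encrypted":
        return None
    return "agile" if AGILE_NS in data or PASSWORD_NS in data else "standard"


def should_block(filename: str, data: bytes) -> dict:
    """Policy from the thread: drop encrypted Word documents, and record when
    the extension lies about the container (an OOXML package named .doc)."""
    kind = classify_office_attachment(data)
    reasons = []
    if kind == "ooxml-encrypted":
        reasons.append(f"password-protected OOXML ({ooxml_encryption_scheme(data)} "
                       "encryption); a scanner cannot see the macro inside")
    if filename.lower().endswith(".doc") and kind.startswith("ooxml"):
        reasons.append("extension .doc but content is an OOXML package")
    return {"kind": kind, "block": kind == "ooxml-encrypted", "reasons": reasons}


# --- constructed samples: stand-ins that are NOT valid documents ------------

def build_fake_cfb(stream_names, extra: bytes = b"") -> bytes:
    """CFB magic, a zeroed 512-byte header, then one 128-byte directory entry
    per name (64-byte name field + 2-byte name length). No FAT, no stream
    data: only the byte patterns the classifier keys on are reproduced."""
    header = CFB_MAGIC + b"\x00" * (512 - len(CFB_MAGIC))
    entries = b""
    for name in stream_names:
        raw = _u16(name)
        entry = raw.ljust(64, b"\x00") + struct.pack("<H", len(raw))
        entries += entry.ljust(128, b"\x00")
    return header + entries + extra


def build_fake_docx_zip() -> bytes:
    """A single ZIP local file header naming [Content_Types].xml, nothing else."""
    header = struct.pack("<HHHHHIIIHH", 20, 0, 0, 0, 0, 0, 0, 0, len(CONTENT_TYPES), 0)
    return ZIP_MAGIC + header + CONTENT_TYPES


if __name__ == "__main__":
    agile_xml = b'<encryption xmlns="' + AGILE_NS + b'" xmlns:p="' + PASSWORD_NS + b'">'
    encrypted = build_fake_cfb(["Root Entry", "EncryptionInfo", "EncryptedPackage"], agile_xml)
    print(should_block("Invoice.doc", encrypted))
```

Two caveats for anyone wiring this into a milter: a legacy binary .doc protected with a password is reported only as `ole2-legacy-doc` here, since detecting it means reading the FIB inside the WordDocument stream, which this raw scan does not do; and a plain .docx mis-named as .doc is recorded in `reasons` but not blocked, which matches the thread's policy of rejecting only what the scanner cannot look inside.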