On 29.12.2016 at 07:30, demonhunter wrote:
Samples can be easily generated by creating a blank Word or Excel document,
creating an empty macro module with a single empty subroutine, and saving the
Word/Excel file as a .docm or .xlsm file. Scanning one of these brand new files
against a
t: Wednesday, December 28, 2016 1:34:16 PM
Subject: Re: [clamav-users] Probable false positive *.xlsm -
Win.Trojan.Toa-5368540-0
Al Varnell wrote:
> On Dec 27, 2016, at 1:53 PM, demonhunter wrote:
>> Office Open XML file format (.doc(x|m), .xls(x|m), etc.,
>> https://en.wik
vbaProject\.bin$
>> COMPRESSED FILESIZE: ANY
>> UNCOMPRESSED FILESIZE: ANY
>> ENCRYPTION: IGNORED
>> FILE POSITION: ANY
>> CRC SUM: ANY
>>
>>
>> DH
>>
>>
>> - Original Message -
>> From: "Joel Esler (jesler)"
mbro de 2016 18:25:14
Subject: Re: [clamav-users] Probable false positive *.xlsm -
Win.Trojan.Toa-5368540-0
Are you able to submit the files via the website?
--
Sent from my Apple Watch
On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato
<adnan.cas...@stwbrasil.com> wrote:
>
> I
NY
>
>
> DH
>
>
> - Original Message -
> From: "Joel Esler (jesler)"
> To: "Adnan de Castro Donato" <adnan.cas...@stwbrasil.com>, "ClamAV users ML"
> <clamav-users@lists.clamav.net>
> Sent: Tuesday, December 27
(jesler)" <jes...@cisco.com>
To: "Adnan de Castro Donato" <adnan.cas...@stwbrasil.com>, "ClamAV users ML"
<clamav-users@lists.clamav.net>
Sent: Tuesday, December 27, 2016 3:25:14 PM
Subject: Re: [clamav-users] Probable false positive *.xlsm -
Win.
#All# macros inside xlsm files are being blocked due to sig blocking of
Vbaproject.bin inside.
Cheers,
Steve
Twitter: @sanesecurity
On 27 December 2016 20:08:37 Adnan de Castro Donato
wrote:
In keeping with one false positive reports
I have 8 CentOS servers
Are you able to submit the files via the website?
--
Sent from my Apple Watch
On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato
wrote:
>
> In keeping with one false positive reports
> I have 8 CentOS servers report below after Signatures Published daily - 22782