Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-29 Thread Reindl Harald
On 29.12.2016 at 07:30, demonhunter wrote: Samples can be easily generated by creating a blank Word or Excel document, creating an empty macro module with a single empty subroutine, and saving the Word/Excel file as a .docm or .xlsm file. Scanning one of these brand new files against a

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-28 Thread demonhunter
t: Wednesday, December 28, 2016 1:34:16 PM Subject: Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0 Al Varnell wrote: > On Dec 27, 2016, at 1:53 PM, demonhunter wrote: >> Office Open XML file format (.doc(x|m), .xls(x|m), etc., >> https://en.wik

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-28 Thread Kris Deugau
vbaProject\.bin$ >> COMPRESSED FILESIZE: ANY >> UNCOMPRESSED FILESIZE: ANY >> ENCRYPTION: IGNORED >> FILE POSITION: ANY >> CRC SUM: ANY >> >> >> DH >> >> >> - Original Message - >> From: "Joel Esler (jesler)"

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Adnan de Castro Donato
mbro de 2016 18:25:14 Assunto: Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0 Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato <adnan.cas...@stwbrasil.com> wrote: > > I

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Al Varnell
NY > > > DH > > > - Original Message - > From: "Joel Esler (jesler)" > To: "Adnan de Castro Donato" <adnan.cas...@stwbrasil.com>, "ClamAV users ML" > <clamav-users@lists.clamav.net> > Sent: Tuesday, December 27

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread demonhunter
(jesler)" <jes...@cisco.com> To: "Adnan de Castro Donato" <adnan.cas...@stwbrasil.com>, "ClamAV users ML" <clamav-users@lists.clamav.net> Sent: Tuesday, December 27, 2016 3:25:14 PM Subject: Re: [clamav-users] Probable false positive *.xlsm - Win.

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Steve basford
#All# macros inside xlsm files are being blocked due to sig blocking of Vbaproject.bin inside. Cheers, Steve Twitter: @sanesecurity On 27 December 2016 20:08:37 Adnan de Castro Donato wrote: In keeping with one false positive reports I have 8 CentOS servers

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Joel Esler (jesler)
Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782