Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-28 Thread demonhunter
Al Varnell wrote:
> On Dec 27, 2016, at 1:53 PM, demonhunter wrote:
>> Office Open XML file format (.doc(x|m), .xls(x|m), etc.,
>> https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those w

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread demonhunter
Office Open XML file format (.doc(x|m), .xls(x|m), etc., https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those with macros typically contain an OLE2 file named vbaProject.bin. This signature appears as though it would match all standard Open XML files that contain macros. Exam

Re: [clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

2016-11-30 Thread demonhunter
The signature is looking for just a few strings that appear to give no indication whatsoever that a vulnerability is being exploited. I do not understand why this signature was created or why it's taking too long to remove it. I added it to a .ign2 file in our system to prevent further false posi