> > I'm afraid my squid+dansguardion+clamav (with daily.cvd v 1225) does not > > detect exploited wmf's created by metasploit. > > The signatures has been updated twice since 1225 (IIRC) to better detect > randomized variants. > > But I've not seen any malware that use the "new" randomize techniques. > > Daily.cvd 1229 should detect samples produced by Metasploit > ie_xp_pfv_metafile version 1.14, but please submit samples if you > discover any that isn't detected. >
Diego, Daily.cvd 1229 does recognise the randomised wmf's created by metasploit. Many thanks for the efforts. F. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
