Hi,

On Sat, Jun 21, 2014 at 2:43 PM, Steve Basford <steveb_cla...@sanesecurity.com> wrote:

>
> On Sat, June 21, 2014 2:00 pm, Alex wrote:
> > Hi,
> >
> > I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing
> > sigs and still seeing an unknown virus pass through our systems. I've
> > submitted it to the clamav false-negative upload, but haven't received a
> > response, and 24hrs later it's still not being tagged. I was hoping
> > someone could help me identify it and determine the risk.
>
> Hi Alex,
>
> Just seen the sample posted and it's an interesting one.
>
> Detection added, in both rogue.hdb and also mainly, phish.ndb.
>

Okay, great, thanks. Can you describe the risk for me? What does it do, and what's necessary for the user to do to become infected?

It appears to be a rogue link phishing attack? So it requires the user to open the Word doc then click the link, correct? Can it somehow infect the user's PC just by opening, or must they click the link and fall victim to the phishing attack to be affected?

Thanks,
Alex
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml