So to be clear, it is not detected or it is detected?
-- Joel Esler | Talos: Manager| jes...@cisco.com<mailto:jes...@cisco.com> On Oct 19, 2016, at 9:50 AM, Heino Backhaus <heino.backh...@fink-computer.de<mailto:heino.backh...@fink-computer.de>> wrote: Hello List, we've received totay early in the morning mails with a word document containing a malicius macro, which was not detected by clamav. It is now detected as Doc.Dropper.Agent-177659. I've set up clamd with the OLE2BlockMacros yes option which normaly works fine, but not with this file. Even though i've reported this as a bug, i just whanted to ask if somebody knows more about this. -- Mit freundlichen Gruessen H. Backhaus Fink-Computer Systeme Heggrabenstr. 9, 35435 Wettenberg Email: heino.backh...@fink-computer.de<mailto:heino.backh...@fink-computer.de> Web: www.fink-computer.de<http://www.fink-computer.de> Fax: +49-641-98444638 Fon: +49-641-98444640 UST-ID: DE151040770 HRB: 2143 Gießen GF: Fredi Fink "In retrospect it becomes clear that hindsight is definitely overrated!" -Alfred E. Neumann _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
