Hi Alain,

I've just submitted another zero-day

$ sha1sum FNZQ480465.doc
bd7ca51a6ff67bfcb83b863595f21432ef9071d9  FNZQ480465.doc

This is from a spam/malware campaign that involves a direct-download Word macro file. Here's an example.

Pay your invoice here: http://sdeflores.com/PHJC579907/

If you need any further assistance or have queries regarding your invoice, please do not hesitate to contact us.

Respectfully Yours,
Huigens, William B

On Wed, Jul 12, 2017 at 3:02 PM, Alain Zidouemba <azidoue...@sourcefire.com> wrote:

> Signature will be going out shortly.
>
> On Wed, Jul 12, 2017 at 2:52 PM, Alex <mysqlstud...@gmail.com> wrote:
>
>> Hi, we've received a Word virus that isn't currently being detected by
>> any scanners. I've submitted the FN, but would like to see if we can
>> get that pushed out as soon as possible.
>>
>> $ sha1sum Invoice_SKMBT_20170501.doc
>> 6cc1dd12fbc79311ebaf59e19e562ff63141f457  Invoice_SKMBT_20170501.doc
>>
>> It's not currently being found by any scanners:
>> https://www.virustotal.com/en/file/5b10fb6d20649c246d970e521e4436d70608bbb8c6d6128245d349c69a76ef10/analysis/
>>
>> Also, there are some notes in the "comments" section of this post. What
>> does it mean? How can I use that to my benefit in the future?
>>
>> Is there any way a postfix/amavisd/spamassassin/clamav user can
>> benefit from this information by blocking based on that signature
>> provided?
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml