Hello,

In the first week of March 2021, multiple users received an email with an xlsx attachment containing an exploit for CVE-2017-11882. ClamAV could not detect it, but other antivirus products like eScan and ESET could detect it as a malware threat.

With our first-time effort, we tried to build the signature and could do it with the help of the existing infected file. The same was submitted to ClamAV multiple times, as there were some issues in signature generation. However, after a few more efforts using debug of the tmp file, we could generate the signature. The same has been attached for testing and help, so that other ClamAV users can benefit.

We also need guidance:

1. How to identify the correct file to generate the generic signature, especially if files with different names but the same exploit have been sent.

With Regards
Jigar Raval
sig.hdb
Description: Binary data
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
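An added example, not part of the original post and not ClamAV's own code: it shows how a hash-database entry of the kind a `.hdb` file holds relates to file names and file content. The contents of the attached `sig.hdb` are not shown on the page, so the standard `MD5:FileSize:MalwareName` line format is assumed; the sample bytes, file names and signature name are constructed for illustration.

```python
import hashlib

# Constructed stand-in bytes for an attachment; not real malware.
SAMPLE = b"PK\x03\x04constructed xlsx-like sample for hash matching"

def make_hdb_entry(data: bytes, name: str) -> str:
    """Build one hash-signature line: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb(text: str) -> dict:
    """Map (md5 hex, size) -> signature name for each non-empty line."""
    sigs = {}
    for line in text.splitlines():
        if line.strip():
            digest, size, name = line.strip().split(":")[:3]
            sigs[(digest.lower(), int(size))] = name
    return sigs

def scan(files: dict, sigs: dict) -> dict:
    """Return {filename: signature name or None}; only content is hashed."""
    return {
        fname: sigs.get((hashlib.md5(data).hexdigest(), len(data)))
        for fname, data in files.items()
    }

# Hypothetical signature name, chosen for this example.
SIGS = parse_hdb(make_hdb_entry(SAMPLE, "Constructed.Xlsx.Sample"))

FILES = {
    "invoice.xlsx": SAMPLE,           # the file the signature came from
    "payment_advice.xlsx": SAMPLE,    # same bytes, different name
    "order.xlsx": SAMPLE + b"\x00",   # one extra byte appended
}

if __name__ == "__main__":
    for fname, hit in scan(FILES, SIGS).items():
        print(f"{fname}: {hit or 'OK'}")
```

A hash entry matches byte-identical copies under any file name, but each variant of the attachment that differs by even one byte needs its own entry.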