List: clamav-devel
Subject: Re: [Clamav-devel] clamav-0.101.0-beta AlertEncryptedDoc true
From: "Micah Snyder (micasnyd)" <micasnyd () cisco ! com>
Date: 2018-11-01 19:24:27
Message-ID: B5E34027-A2DE-4385-9A88-1E6AD32A40CB () cisco ! com
At present, only encrypted PDFs will alert using AlertEncryptedDoc. In the future,
I would like to detect encryption in other document formats.
I realize it seems a little silly that the feature only works for PDFs at this time,
so here is a little context. In 0.100, the only option was ArchiveBlockEncrypted.
ArchiveBlockEncrypted, despite what the name implies, will alert on both encrypted
archives and encrypted PDFs. Separating the options was done at the request of users
who have been using ArchiveBlockEncrypted in a mail filtering application and were
frustrated that their encrypted payroll documents were getting blocked, but did not
want to allow potentially malicious encrypted archives. For 0.101, we separated
ArchiveBlockEncrypted into AlertEncryptedDoc and AlertEncryptedArchive, retaining the
more generic AlertEncrypted option for users who would want to continue using a
single option.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Nov 1, 2018, at 2:43 PM, Paul <paul@netpresto.co.uk> wrote:
Hi
Should I be seeing encrypted (password protected) MS Office docx files detected with
"AlertEncryptedDoc true"?
Regards Paul
_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
Please submit your patches to our Bugzilla: http://bugzilla.clamav.net
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
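
The option split described in the message, as an added example (not code from the ClamAV project or from either poster): a small Python checker that reads clamd.conf text and resolves which encrypted content would alert under 0.101. It assumes boolean values are written yes/true/1, that AlertEncrypted turns on both specific alerts, and that a leftover ArchiveBlockEncrypted line behaves like AlertEncrypted; the sample configurations are constructed.

```python
# Added example: resolve the encrypted-content alert policy from clamd.conf text.
TRUE_VALUES = {"yes", "true", "1"}  # assumption: accepted boolean spellings

# Option names as given in the message; ArchiveBlockEncrypted is the 0.100 name.
OPTIONS = ("AlertEncrypted", "AlertEncryptedArchive",
           "AlertEncryptedDoc", "ArchiveBlockEncrypted")

def parse_conf(text):
    """Return {option: bool} for the encrypted-content options found in text."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in OPTIONS:
            found[parts[0]] = parts[1].strip().lower() in TRUE_VALUES
    return found

def effective_policy(text):
    """Report what would alert, following the behaviour the message describes."""
    opts = parse_conf(text)
    legacy = opts.get("ArchiveBlockEncrypted", False)
    # Assumption: the legacy option acts like the generic AlertEncrypted.
    generic = opts.get("AlertEncrypted", False) or legacy
    policy = {
        "encrypted_archive": generic or opts.get("AlertEncryptedArchive", False),
        "encrypted_pdf": generic or opts.get("AlertEncryptedDoc", False),
        # Per the message, only encrypted PDFs alert as documents at present.
        "encrypted_docx": False,
        "notes": [],
    }
    if "ArchiveBlockEncrypted" in opts:
        policy["notes"].append(
            "ArchiveBlockEncrypted is the 0.100 option; it covered archives and PDFs")
    return policy

# Constructed sample configurations.
MAIL_FILTER = "AlertEncryptedArchive yes\nAlertEncryptedDoc no\n"
LEGACY = "# carried over from 0.100\nArchiveBlockEncrypted yes\n"
DOC_ONLY = "AlertEncryptedDoc true\n"

if __name__ == "__main__":
    for name, conf in (("mail filter", MAIL_FILTER), ("legacy", LEGACY),
                       ("doc only", DOC_ONLY)):
        print(name, effective_policy(conf))
```

The mail-filter sample is the case the split was made for: encrypted archives alert while encrypted PDFs pass.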