[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-devel
Subject:    Re: [Clamav-devel] clamav-0.101.0-beta AlertEncryptedDoc true
From:       "Micah Snyder (micasnyd)" <micasnyd () cisco ! com>
Date:       2018-11-01 19:24:27
Message-ID: B5E34027-A2DE-4385-9A88-1E6AD32A40CB () cisco ! com
[Download RAW message or body]

At present, only encrypted PDF's will alert using AlertEncryptedDoc.  In the future, \
I would like to detect encryption in other document formats.

I realize it seems a little silly that the feature only works for PDFs at this time, \
so here is a little context.  In 0.100, the only option was ArchiveBlockEncrypted.  \
ArchiveBlockEncrypted, despite what the name implies, will alert on both encrypted \
archives and encrypted PDFs.  Separating the options was done at the request of users \
who have been using ArchiveBlockEncrypted in a mail filtering application and were \
frustrated that their encrypted payroll documents were getting blocked, but did not \
want to allow potentially malicious encrypted archives.  For 0.101, we separated \
ArchiveBlockEncrypted into AlertEncryptedDoc and AlertEncryptedArchive, retaining the \
more generic AlertEncrypted option for users who would want to continue using a \
single option.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 1, 2018, at 2:43 PM, Paul <paul@netpresto.co.uk<mailto:paul@netpresto.co.uk>> \
wrote:

HI

Should I be seeing encrypted (password protected) MS Office docx files detected with \
"AlertEncryptedDoc true"

Regards Paul


_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net<mailto:clamav-devel@lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Please submit your patches to our Bugzilla: http://bugzilla.clamav.net

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel

Please submit your patches to our Bugzilla: http://bugzilla.clamav.net

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic