Hello,
In the first week of March 2021, multiple users had received email
with xlsx attachment having exploit for CVE-2017-11882. The clamav
could not detect it but other antivirus like eScan and ESET could
detect it as malware threat.
With our first time effort, we tried to build the signature and could
do it with the help of existing infected file. The same was submitted
in clamav for multiple time as there were some issue in signature
generation. However, after few more efforts using debug of tmp file,
we could generate signature. The same has been attached for testing
and help. So, other clamav user can be benefited.
We also need guidance:
1. How to identify the correct file to generate the generic signature,
especially if files with different name but same exploit has been
sent.
With Regards
Jigar Raval
In the first week of March 2021, multiple users had received email
with xlsx attachment having exploit for CVE-2017-11882. The clamav
could not detect it but other antivirus like eScan and ESET could
detect it as malware threat.
With our first time effort, we tried to build the signature and could
do it with the help of existing infected file. The same was submitted
in clamav for multiple time as there were some issue in signature
generation. However, after few more efforts using debug of tmp file,
we could generate signature. The same has been attached for testing
and help. So, other clamav user can be benefited.
We also need guidance:
1. How to identify the correct file to generate the generic signature,
especially if files with different name but same exploit has been
sent.
With Regards
Jigar Raval