I've had a look at this and
a) it looks a little like over-kill for what I want, b) I haven't a clue how to use it in my EXIM environment c) from the VERY quick look I've taken I don't see how to use it to detect macros in office documents.
I think I'm going to forget about the macros, and just assume that if the document is empty, it's a virus
On Wednesday 28 October 2015 14:59:32 Eero Volotinen wrote:
Hi,
Take look of http://www.cuckoosandbox.org
-- Eero
2015-10-28 13:55 GMT+02:00 Gary Stainburn gary@ringways.co.uk:
We are receiving LOTS of emails that contain empty XLS or DOC documents with embedded virus macros. These are getting past SPAMASSASSIN, Clamav and Kaspersky.
I'm trying to write a filter for EXIM to block these emails but I need to know a good, quick, command-line to detect an empty doc with a macro.
Is there anything available that I can use??
I have managed to write a PERL script to detect empty xls xlsx, doc and docx files but I cannot detect whether they have any macros embedded
Gary _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos