[CentOS] Detecting empty office doc containing virus macro

Gary Stainburn gary at ringways.co.uk
Wed Oct 28 16:33:48 UTC 2015


I've had a look at this and 

a) it looks a little like overkill for what I want,
b) I haven't a clue how to use it in my EXIM environment
c) from the VERY quick look I've taken I don't see how to use it to detect
macros in office documents.

I think I'm going to forget about the macros, and just assume that if the
document is empty, it's a virus.

On Wednesday 28 October 2015 14:59:32 Eero Volotinen wrote:
> Hi,
>
> Take a look at http://www.cuckoosandbox.org
>
> --
> Eero
>
> 2015-10-28 13:55 GMT+02:00 Gary Stainburn <gary at ringways.co.uk>:
> > We are receiving LOTS of emails that contain empty XLS or DOC documents
> > with embedded virus macros.  These are getting past SPAMASSASSIN, Clamav
> > and Kaspersky.
> >
> > I'm trying to write a filter for EXIM to block these emails but I need to
> > know a good, quick, command-line to detect an empty doc with a macro.
> >
> > Is there anything available that I can use??
> >
> > I have managed to write a PERL script to detect empty xls, xlsx, doc and
> > docx files but I cannot detect whether they have any macros embedded.
> >
> > Gary



-- 
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk 
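
An added example, not part of the original thread: one way a mail filter could test an extracted attachment for an embedded VBA project, the check the original question asks for. The function names and sample data are constructed for illustration, it covers VBA only, and the legacy doc/xls test is a raw byte heuristic rather than a full Compound File parse.

```python
import io
import sys
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # Compound File signature (doc/xls)
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # directory entry names are UTF-16LE


def ooxml_has_macro(data: bytes) -> bool:
    """docx/xlsx (and docm/xlsm) are ZIPs; VBA is stored in a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def ole_has_macro(data: bytes) -> bool:
    """Heuristic: a legacy doc/xls with VBA has a stream named _VBA_PROJECT."""
    return data.startswith(OLE_MAGIC) and VBA_STREAM in data


def has_macro(data: bytes) -> bool:
    """Dispatch on the leading bytes, not on the (attacker-chosen) file extension."""
    if data.startswith(b"PK"):
        return ooxml_has_macro(data)
    return ole_has_macro(data)


def constructed_zip(names):
    """Build an in-memory ZIP holding the given part names (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


# Constructed samples: minimal stand-ins, not real Office documents.
SAMPLE_DOCM = constructed_zip(["word/document.xml", "word/vbaProject.bin"])
SAMPLE_DOCX = constructed_zip(["word/document.xml"])
SAMPLE_OLE_MACRO = OLE_MAGIC + b"\0" * 504 + VBA_STREAM + b"\0" * 104
SAMPLE_OLE_PLAIN = OLE_MAGIC + b"\0" * 504

if __name__ == "__main__":
    # With file arguments: exit status 1 if any file carries a VBA project.
    hits = [p for p in sys.argv[1:] if has_macro(open(p, "rb").read())]
    for path in hits:
        print("macro:", path)
    sys.exit(1 if hits else 0)
```

The exit status can be combined with the existing empty-document check, so that a message is rejected only when both conditions hold.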


