[CentOS] Detecting empty office doc containing virus macro
Ned Slider
ned at unixmail.co.ukWed Oct 28 21:12:19 UTC 2015
- Previous message: [CentOS] Detecting empty office doc containing virus macro
- Next message: [CentOS] Detecting empty office doc containing virus macro
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 28/10/15 11:55, Gary Stainburn wrote: > We are receiving LOTS of emails that contain empty XLS or DOC documents with > embedded virus macros. These are getting past SPAMASSASSIN, Clamav and > Kaspersky. > > I'm trying to write a filter for EXIM to block these emails but I need to know > a good, quick, command-line to detect an empty doc with a macro. > > Is there anything available that I can use?? > > I have managed to write a PERL script to detect empty xls xlsx, doc and docx > files but I cannot detect whether they have any macros embedded > > Gary If you've got a script to detect empty docs then it should be relatively easy to detect these. I assume empty attachments are not normal in your mail flows? I would look to write some custom SpamAssassin rules, maybe incorporating your script, to detect these and filter them out. Are you able to post some examples to pastebin?
- Previous message: [CentOS] Detecting empty office doc containing virus macro
- Next message: [CentOS] Detecting empty office doc containing virus macro
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list