Missed that we already had AFC to block vba macros. That is in fact
working great.
However, the new tactic is to send *encrypted* word documents and put the
password in the email. Those aren't caught, which makes sense - AFC can't
read the file to tell that there's a macro! Can AFC be modified to block
for encrypted office documents?
On Thu, Oct 27, 2016 at 10:19 PM, K Post <nntp.p...@gmail.com> wrote:
> With more and more and more attached files slipping through ClamAV's
> hands, and the majority of these being either encrypted MS Office documents
> or zero day-ish Word documents with VBA embedded, I'm wondering if ASSP_AFC
> could be modified to optionally reject/strip/score messages that are either:
> 1) Encrypted MS Office documents and/or
> 2) MS Office documents that contain VBA code.
>
> Related, detect PDF files with Javascript or Flash embedded??
>
> (and Thomas, if you're replying to this, could you also cc me directly so
> that I get the reply - gmail is rejecting your DKIM messages that pass
> through SourceForge without SRS)
>
> THANKS
>
>
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
