On Mon, 21 Dec 2015 21:02:21 -0500
Alex <mysqlstud...@gmail.com> wrote:

> Is mimedefang the de facto method for blocking Word macro files? I
> haven't ever implemented it. Can it work with postfix/amavis?

I don't know about de facto, but it's what I use... hence my posting.

If Amavis lets you write snippets of Perl code, you can probably do
much the same with Amavis.

I've actually refined my code to look specifically for these regexes
in .doc, etc. files if macros are detected:

   /Auto_?Open/i
   /Workbook_Open/i
   /Document_Open/i

because they're usually the ones exploited by viruses.  I use separate
regexes because Workbook_Open (unfortunately) appears reasonably often
in legitimate Excel spreadsheets.  The other two are rarer in legit
documents.  It's handy to be able to score them separately.

If the Microsoft Office document is a new-style document that's really
a zip file, I just stream it with "unzip -p" and look for those same
regexes.

We've had very good luck with this method.

Regards,

Dianne.
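
The scan described in the message above, sketched in Python as an added example; it is not the poster's MIMEDefang code. The function names, score weights and size cap are assumptions, the sample attachments are constructed, and the "macros are detected" precondition is not implemented because the post does not say how it is done.

```python
import io
import re
import zipfile
import zlib

# Patterns from the post, kept as separate rules so each can carry its own score.
RULES = {
    "AUTO_OPEN": re.compile(rb"Auto_?Open", re.I),
    "WORKBOOK_OPEN": re.compile(rb"Workbook_Open", re.I),
    "DOCUMENT_OPEN": re.compile(rb"Document_Open", re.I),
}
# Hypothetical weights (not from the post): Workbook_Open scores lower because
# the post says it appears reasonably often in legitimate spreadsheets.
SCORES = {"AUTO_OPEN": 3.0, "WORKBOOK_OPEN": 1.0, "DOCUMENT_OPEN": 3.0}
MAX_MEMBER_BYTES = 16 * 1024 * 1024  # assumed cap so a zip bomb cannot exhaust memory


def _chunks(data):
    """Yield the byte strings to search: zip members decompressed, else raw data."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        yield data  # old-style .doc/.xls: search the file as-is
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:  # same effect as streaming with unzip -p
                yield member.read(MAX_MEMBER_BYTES)


def scan_office_attachment(data):
    """Return (sorted rule names that matched, total score) for one attachment."""
    hits = set()
    try:
        for chunk in _chunks(data):
            hits.update(name for name, rx in RULES.items() if rx.search(chunk))
    except (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError):
        pass  # corrupt or encrypted archive: keep whatever matched before the error
    return sorted(hits), sum(SCORES[h] for h in hits)


def _constructed_docm(payload):
    """Build a constructed new-style document: a zip with one deflated member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/vbaProject.bin", payload)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_office_attachment(_constructed_docm(b"\x00Document_Open\x00" * 50)))
```

Returning the matched rule names alongside the total lets a mail filter log which pattern fired and tune the Workbook_Open weight separately.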
