On Tuesday, August 09, 2016 18:01:57 Rob McEwen wrote: > On 8/9/2016 5:56 PM, Anthony Hoppe wrote: > > Here are the headers as an example: > > http://pastebin.com/bnU0npLR > > This particular email has a macro-enabled Word document attached, but I > > don't want to assume this will be the case every time. > > Any tips/tricks/suggestions would be greatly appreciated! > > I think there is a trend now... towards blocking ALL .docm files (if > not, there should be!). I think it is EXTREMELY rare for normal human > beings to send Word documents in that particularly dangerous format. > Most would be send in .doc or .docx format. > > I'm not sure if there is already a SA rule for scoring against .docm > files attachments? Perhaps someone else could help you with that.
Just a short warning, although word will not open a .docm that is renamed to .docx, it will open a .docm renamed to .doc. I found this the hard way! It is necessary, if you wish to be safe from macro enabled documents to verify that the file is what the attachment's extension claims to be. -- Larry Starr Software Engineer Full Compass Systems 9770 Silicon Prairie Pkwy Madison, WI 53593-8442 P: 608-831-7330 x1347 F: 608-831-6330 E: lar...@fullcompass.com
