On 28 October 2015 at 11:56, Gary Stainburn <gary.stainburn@xxxxxxxxxxxxxx> wrote: > We are receiving LOTS of emails that contain empty XLS or DOC documents with > embedded virus macros. These are getting past SPAMASSASSIN, Clamav and > Kaspersky. > > I'm trying to write a filter for EXIM to block these emails but I need to know > a good, quick, command-line to detect an empty doc with a macro. > > Is there anything available that I can use?? > > I have managed to write a PERL script to detect empty xls xlsx, doc and docx > files but I cannot detect whether they have any macros embedded > Don't know how to answer your question, but if you know how to detect empty documents then why not just assume they're malicious? Don't think there's any common reason to send empty documents around. -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
