Re: Detecting empty office doc containing virus macro


I've had a look at this and 

a) it looks a little like over-kill for what I want,
b) I haven't a clue how to use it in my EXIM environment
c) from the VERY quick look I've taken I don't see how to use it to detect 
macros in office documents.

I think I'm going to forget about the macros, and just assume that if the 
document is empty, it's a virus.

On Wednesday 28 October 2015 14:59:32 Eero Volotinen wrote:
> Hi,
>
> Take a look at http://www.cuckoosandbox.org
>
> --
> Eero
>
> 2015-10-28 13:55 GMT+02:00 Gary Stainburn <gary@xxxxxxxxxxxxxx>:
> > We are receiving LOTS of emails that contain empty XLS or DOC documents with
> > embedded virus macros.  These are getting past SPAMASSASSIN, Clamav and
> > Kaspersky.
> >
> > I'm trying to write a filter for EXIM to block these emails but I need to know
> > a good, quick, command-line to detect an empty doc with a macro.
> >
> > Is there anything available that I can use??
> >
> > I have managed to write a PERL script to detect empty xls xlsx, doc and docx
> > files but I cannot detect whether they have any macros embedded
> >
> > Gary
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos



-- 
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk 
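
Added example, not part of the original thread: a command-line check for the thing the quoted question asks about, a VBA project inside a doc, xls, docx or xlsx attachment. It assumes the attachment has already been saved to a file; the function names are hypothetical, legacy files are read through the header DIFAT only (files of several MB that chain extra DIFAT sectors are not fully read), and Excel 4.0 (XLM) macros are not covered.

```python
import io
import pathlib
import struct
import sys
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file signature
MAXREGSECT = 0xFFFFFFFA  # larger FAT values are markers, not sector numbers

def ole_entry_names(data):
    """Names of the directory entries (storages/streams) in an OLE2 file."""
    shift = struct.unpack_from("<H", data, 30)[0]
    if shift not in (9, 12):  # only 512- and 4096-byte sectors are defined
        return []
    sect = 1 << shift
    first_dir = struct.unpack_from("<I", data, 48)[0]  # first directory sector
    fat = []
    for s in struct.unpack_from("<109I", data, 76):  # header DIFAT only
        if s <= MAXREGSECT:
            fat.extend(struct.unpack_from("<%dI" % (sect // 4), data, (s + 1) * sect))
    names, seen, s = [], set(), first_dir
    while s <= MAXREGSECT and s < len(fat) and s not in seen:
        seen.add(s)  # guards against a looping sector chain
        for off in range((s + 1) * sect, (s + 2) * sect, 128):  # 128-byte entries
            entry = data[off:off + 128]
            if len(entry) < 128:
                break
            nlen = struct.unpack_from("<H", entry, 64)[0]  # bytes, incl. NUL
            if entry[66] and 2 <= nlen <= 64:  # type 0 = unused slot
                names.append(entry[:nlen - 2].decode("utf-16-le", "replace"))
        s = fat[s]
    return names

def has_vba_macro(data):
    """True if the bytes of an Office document contain a VBA project."""
    try:
        if data.startswith(OLE_MAGIC):  # legacy .doc / .xls
            return "_VBA_PROJECT" in ole_entry_names(data)
        if zipfile.is_zipfile(io.BytesIO(data)):  # .docx/.xlsx/.docm/.xlsm
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except (struct.error, zipfile.BadZipFile):
        pass  # malformed container: reported as "no macro found"
    return False

if __name__ == "__main__":
    hits = [p for p in sys.argv[1:] if has_vba_macro(pathlib.Path(p).read_bytes())]
    print("\n".join(hits))
    sys.exit(1 if hits else 0)
```

Run with the attachment paths as arguments: it prints the files that carry a macro and exits with status 1 if there are any.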