I've had a look at this and
a) it looks a little like over-kill for what I want,
b) I haven't a clue how to use it in my EXIM environment
c) from the VERY quick look I've taken I don't see how to use it to detect
macros in office documents.
I think I'm going to forget about the macros, and just assume that if the
document is empty, it's a virus
On Wednesday 28 October 2015 14:59:32 Eero Volotinen wrote:
> Hi,
>
> Take look of http://www.cuckoosandbox.org
>
> --
> Eero
>
> 2015-10-28 13:55 GMT+02:00 Gary Stainburn <gary@xxxxxxxxxxxxxx>:
> > We are receiving LOTS of emails that contain empty XLS or DOC documents
> > with
> > embedded virus macros. These are getting past SPAMASSASSIN, Clamav and
> > Kaspersky.
> >
> > I'm trying to write a filter for EXIM to block these emails but I need to
> > know
> > a good, quick, command-line to detect an empty doc with a macro.
> >
> > Is there anything available that I can use??
> >
> > I have managed to write a PERL script to detect empty xls xlsx, doc and
> > docx
> > files but I cannot detect whether they have any macros embedded
> >
> > Gary
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
--
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
