Re: Detecting empty office doc containing virus macro

On 28/10/15 11:55, Gary Stainburn wrote:
> We are receiving LOTS of emails that contain empty XLS or DOC documents with 
> embedded virus macros.  These are getting past SPAMASSASSIN, Clamav and 
> Kaspersky.
> 
> I'm trying to write a filter for EXIM to block these emails but I need to know 
> a good, quick, command-line to detect an empty doc with a macro.
> 
> Is there anything available that I can use?
> 
> I have managed to write a Perl script to detect empty xls, xlsx, doc and docx 
> files, but I cannot detect whether they have any macros embedded.
> 
> Gary

If you've got a script to detect empty docs then it should be relatively
easy to detect these. I assume empty attachments are not normal in your
mail flows?

I would look to write some custom SpamAssassin rules, maybe
incorporating your script, to detect these and filter them out.

Are you able to post some examples to pastebin?

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
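
One way to do the macro check asked about in this thread, as an added example that is not part of the original messages: OOXML files are zip archives that carry macros in a `vbaProject.bin` part, and legacy OLE2 `.doc`/`.xls` files store them in a `_VBA_PROJECT` stream whose name appears as UTF-16LE in the directory. The function and sample names are hypothetical, the sample bytes are constructed, and the OLE2 branch is a byte-search heuristic rather than a full compound-file parse.

```python
import io
import sys
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# OLE2 directory entry names are stored as UTF-16LE
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_macros(data: bytes) -> bool:
    """Return True if the bytes look like an Office file carrying a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls: heuristic search for the VBA stream name.
        return VBA_STREAM in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin")
                           for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def _sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an OOXML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


# Constructed byte strings, not real documents
SAMPLE_OLE_MACRO = OLE_MAGIC + b"\x00" * 504 + VBA_STREAM
SAMPLE_OLE_PLAIN = OLE_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    # Exit status 0 if any file carries macros, 1 otherwise
    found = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hit = has_vba_macros(fh.read())
        print(f"{path}: {'macro' if hit else 'no-macro'}")
        found = found or hit
    sys.exit(0 if found else 1)
```

Run against the extracted attachment paths, the exit status can be combined with an existing empty-document check in a mail filter.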


