search for: virus_files

Displaying 4 results from an estimated 4 matches for "virus_files".

2015 Oct 29
3
Detecting empty office doc containing virus macro
...t is add small pattern matching rules to local.cf Another rule I would like to add to Spamassassin is to catch emails where the subject starts with the email local part in brackets as we get a LOT of those too. > > Are you able to post some examples to pastebin? http://www.stainburn.com/virus_files/I0000040777.doc http://www.stainburn.com/virus_files/FAX_20151028_1445421437_89.doc
2015 Oct 30
1
Detecting empty office doc containing virus macro
...ch emails where > > the subject starts with the email local part in brackets as we get a LOT > > of those too. This is one of the checks I can now do in my perl script. > > > >> Are you able to post some examples to pastebin? > > > > http://www.stainburn.com/virus_files/I0000040777.doc > > http://www.stainburn.com/virus_files/FAX_20151028_1445421437_89.doc > > Sorry, I meant examples of the emails (including the full headers, > redacted where necessary), not the attachments. We might be able to > point you in the right direction or offer a few th...
2015 Oct 29
0
Detecting empty office doc containing virus macro
...iting rules. > Another rule I would like to add to Spamassassin is to catch emails where the > subject starts with the email local part in brackets as we get a LOT of those > too. > >> >> Are you able to post some examples to pastebin? > > http://www.stainburn.com/virus_files/I0000040777.doc > http://www.stainburn.com/virus_files/FAX_20151028_1445421437_89.doc Sorry, I meant examples of the emails (including the full headers, redacted where necessary), not the attachments. We might be able to point you in the right direction or offer a few thoughts on how to detect...
2015 Oct 28
6
Detecting empty office doc containing virus macro
We are receiving LOTS of emails that contain empty XLS or DOC documents with embedded virus macros. These are getting past SPAMASSASSIN, Clamav and Kaspersky. I'm trying to write a filter for EXIM to block these emails but I need to know a good, quick, command-line to detect an empty doc with a macro. Is there anything available that I can use?? I have managed to write a PERL script to