But would this work for a docm that needs to be extracted from a PDF? I
was not aware that amavisd or the tolls it uses is able to extract stuff
embedded in a pdf.
JC
Am 30.05.2017 um 15:38 schrieb Dino Edwards:
Have you tried the following in your file rule?
[qr'.\.(docm)$'ix => 1],
[qr'.\.(dotm)$'ix => 1],
[qr'.\.(xlsm)$'ix => 1],
[qr'.\.(xltm)$'ix => 1]
The above SHOULD Block macro enabled office docs.
-----Original Message-----
From: amavis-users
[mailto:[email protected]] On
Behalf Of Daniel Rieken
Sent: Tuesday, May 30, 2017 9:02 AM
To: [email protected]
Subject: block exe in pdf-files?
Hello,
is it possible to block exe- or docm/xlsm/pptm-files inside of PDF-files?
The new Jaff ransomware is sending a PDF-file with a docm inside this PDF. So I
would like to be able to block this emails with amavisd-new...
Cheers!
Daniel
