On 24/02/2022 19:37, Alex wrote:
> Hi,
> We have some users who receive machine-generated Excel spreadsheets
> that have macros, but our policy is to block them outright...

A different possible approach is to use mraptor (see olevba project on
GitHub) to analyse attachments that are macro-laden Office files to see
if they may be malicious, and if not then the email can be delivered.
The starting point is to use ClamAV to identify *any* emails with
macro-laden attachments, then have them quarantined by Amavis, then
subject them to bespoke (but automated) analysis, and - if they pass -
release them with amavisd-release.
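
The analysis-and-release step described above, as an added sketch that is not part of the original message. It assumes the quarantined mail is an uncompressed raw message file, that the `mraptor` command is on the PATH, and that the second argument is whatever reference `amavisd-release` expects on your installation; the function names are hypothetical.

```python
import subprocess, sys, tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

# Exit codes documented by mraptor: 0 no macro, 1 not MS Office, 2 macro OK,
# 10 error, 20 suspicious. Anything outside PASS_CODES keeps the mail held.
PASS_CODES = {0, 1, 2}

def leaf_parts(raw: bytes):
    """Yield (filename, bytes) for every named or non-text leaf MIME part."""
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name or part.get_content_maintype() != "text":
            yield name or "unnamed", part.get_payload(decode=True) or b""

def run_mraptor(path: str) -> int:
    """Scan one file with the mraptor CLI and return its exit code."""
    return subprocess.run(["mraptor", path], capture_output=True).returncode

def safe_to_release(raw: bytes, scan=run_mraptor) -> bool:
    """True only if every part scans clean; errors and unknown codes fail closed."""
    with tempfile.TemporaryDirectory() as tmp:
        for i, (name, data) in enumerate(leaf_parts(raw)):
            # Never use the sender-supplied name as a path; keep a sanitised extension.
            ext = "".join(c for c in Path(name).suffix if c.isalnum())[:8]
            target = Path(tmp) / f"part{i}.{ext or 'bin'}"
            target.write_bytes(data)
            try:
                if scan(str(target)) not in PASS_CODES:
                    return False
            except OSError:  # mraptor missing or not executable
                return False
    return True

def sample_message(payload: bytes = b"constructed bytes") -> bytes:
    """Constructed test mail with one spreadsheet-named attachment."""
    msg = EmailMessage()
    msg.set_content("body")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename="../report.xlsm")
    return msg.as_bytes()

if __name__ == "__main__":
    # Usage (assumed): script.py <quarantined-mail-file> <reference for amavisd-release>
    if not safe_to_release(Path(sys.argv[1]).read_bytes()):
        sys.exit(1)  # leave the mail in quarantine
    sys.exit(subprocess.run(["amavisd-release", sys.argv[2]]).returncode)
```

A non-zero exit leaves the message in quarantine, so a scanner crash or an unexpected exit code never results in delivery.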