Greyhat: I do have the extra Sane sigs going. No help with these, though
we haven't seen any hit after adding bombre based on the body.
I've looked at these, they're not passworded zip files, they're Word
documents. The rtf extension opens in Word. Don't know the malicious
point of not just calling it a docx.
Whatever the case, I really think we need the option to block passworded
office documents. This problem isn't going away...
On Wed, Oct 19, 2016 at 8:44 AM, Grayhat <gray...@gmx.net> wrote:
> :: On Wed, 19 Oct 2016 13:31:55 +0200
> ::
> <tITC.5100c8291e.OF60D37E1D.88ADFE1F-ONC1258051.00266BD8-
> c1258051.003f5...@thockar.com> ::
> Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> > 4. I'm unable to password protect RTF files (tried office 2003, XP,
> > 2013) - password is removed
>
> I suspect it isn't a real RTF file but a passworded zip with a modified
> extension; basically whoever builds such kind of trash creates a
> script, adds it to a passworded "zip" and renames it to "rtf"
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
