>we haven't seen any hit after adding bombre based on the body.
You can't get hits with bombre on attachments (except text based and PTF
with OCR).
>The rtf extension opens in Word
This is caused by a windows setting in HKR: RTF => WORD.EXE
>Don't know the malicious point of not just calling it a docx.
If an application blocks by file name extension (doc,docx,docm .....), it
will not hit.
>I really think we need the option to block passworded office documents
No, there is not really a need to do this. ASSP_AFC will detect Office
macros also in password protected documents.
But if you want, have a look in to the thread 'custom extension to
ASSP_AFC'
Thomas
Von: K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 20.10.2016 02:33
Betreff: Re: [Assp-test] Password Protected "RTF" Files Slipping
Through
Greyhat: I do have the extra Sane sigs going. No help with these, though
we haven't seen any hit after adding bombre based on the body.
I've looked at these, they're not passworded zip files, they're Word
documents. The rtf extension opens in Word. Don't know the malicious
point of not just calling it a docx.
Whatever the case, I really think we need the option to block passworded
office documents. This problem isn't going away...
On Wed, Oct 19, 2016 at 8:44 AM, Grayhat <gray...@gmx.net> wrote:
> :: On Wed, 19 Oct 2016 13:31:55 +0200
> ::
> <tITC.5100c8291e.OF60D37E1D.88ADFE1F-ONC1258051.00266BD8-
> c1258051.003f5...@thockar.com> ::
> Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> > 4. I'm unable to password protect RTF files (tried office 2003, XP,
> > 2013) - password is removed
>
> I suspect it isn't a real RTF file but a passworded zip with a modified
> extension; basically whoever builds such kind of trash creates a
> script, adds it to a passworded "zip" and renames it to "rtf"
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
