i have implemented this plugin in all my production machines and it works 
smoothly with no noticeable cpu overhead.

anything document that downloads from a third partly location or calls the 
shell command is automatically detected as a virus whether a malware/virus is 
involved or not ... which is exactly what is required.

i created a "safe" macro word document which downloads a harmless file and the 
same was detected and rejected by the plugin.

many many thanks to person who developed this plugin.


----- Original Message -----
From: Rajesh M [mailto:24x7ser...@24x7server.net]
To: ebr...@whitehorsetc.com,qmailtoaster-list@qmailtoaster.com
Sent: Sun, 6 Aug 2017 10:24:50 +0530


have implemented this in my production machines.

it seems to be working correctly.

will revert after a few days.

thank you,

----- Original Message -----
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sat, 05 Aug 2017 07:21:41 +0000

Sorry, didn't see the other files

# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm
# wget -O ./OLEMacro.cf
# wget -O ./OLEMacro.pre
# vi local.cf
include OLEMacro.cf

# spamassassin --lint -D
Look for OLE

------ Original Message ------
From: "Eric Broch" <ebr...@whitehorsetc.com>
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents

>I don't use it but wouldn't it be easy to apply?
># wget -O
># chmod 444
>Add  the below line to /etc/spamassassin/local.cf
>loadplugin Mail::SpamAssassin::Plugin::OLEMacro
># spamassassin --lint -D  &> sadump.txt
>search sadump.txt for OLEMacro
>------ Original Message ------
>From: "Rajesh M" <24x7ser...@24x7server.net>
>To: qmailtoaster-list@qmailtoaster.com
>Sent: 8/4/2017 10:57:35 PM
>Subject: [qmailtoaster] detect macros in ms documents
>>there are rising number of incidences with ms .doc and .xls being
>>transmitted with embedded macro virus
>>i found a tool here which will detect such files containing macro
>>virus and mark them as spam
>>i dont wish rely on antivirus -- in the last incident sophos,
>>kaspersky (i am seeing it fail for the first time) and clam did not
>>detect it.
>>does anybody use the above spamassassin module or something equivalent

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to