hi, i have implemented this plugin in all my production machines and it works smoothly with no noticeable cpu overhead.
any document that downloads from a third party location or calls the shell command is automatically detected as a virus whether a malware/virus is involved or not ... which is exactly what is required.

i created a "safe" macro word document which downloads a harmless file and the same was detected and rejected by the plugin.

many many thanks to the person who developed this plugin.

rajesh

----- Original Message -----
From: Rajesh M [mailto:24x7ser...@24x7server.net]
To: ebr...@whitehorsetc.com,firstname.lastname@example.org
Sent: Sun, 6 Aug 2017 10:24:50 +0530
Subject:

eric

have implemented this in my production machines. it seems to be working correctly.

will revert after a few days.

thank you,
rajesh

----- Original Message -----
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: email@example.com
Sent: Sat, 05 Aug 2017 07:21:41 +0000
Subject:

Sorry, didn't see the other files

# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
# wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf
# wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre
# vi local.cf
Add:
include OLEMacro.cf
Save
# spamassassin --lint -D
Look for OLE

------ Original Message ------
From: "Eric Broch" <ebr...@whitehorsetc.com>
To: firstname.lastname@example.org
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents

>Rajesh,
>
>I don't use it but wouldn't it be easy to apply?
>
># wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
>
># chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>
>Add the below line to /etc/spamassassin/local.cf
>
>loadplugin Mail::SpamAssassin::Plugin::OLEMacro
>
># spamassassin --lint -D &> sadump.txt
>
>search sadump.txt for OLEMacro
>
>Eric
>
>
>------ Original Message ------
>From: "Rajesh M" <24x7ser...@24x7server.net>
>To: email@example.com
>Sent: 8/4/2017 10:57:35 PM
>Subject: [qmailtoaster] detect macros in ms documents
>
>>hi
>>
>>there are a rising number of incidences with ms .doc and .xls being
>>transmitted with embedded macro virus
>>
>>i found a tool here which will detect such files containing macro
>>virus and mark them as spam
>>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm
>>
>>i don't wish to rely on antivirus -- in the last incident sophos,
>>kaspersky (i am seeing it fail for the first time) and clam did not
>>detect it.
>>
>>does anybody use the above spamassassin module or something equivalent
>>?
>>
>>rajesh
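A simplified content-based check for the macro-bearing attachments discussed in this thread, added here as an example: it is not code from the OLEMacro plugin or from any poster, and it only detects that a VBA project is present, not what the macro does. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # OLE2 compound file header (.doc/.xls)
VBA_STORAGE = "_VBA_PROJECT".encode("utf-16-le")  # directory entry name of a VBA project

def has_macro(data: bytes) -> bool:
    """Heuristic: True if the bytes look like an Office file carrying a VBA project."""
    if data.startswith(OLE_MAGIC):                # legacy binary format
        return VBA_STORAGE in data
    if data.startswith(b"PK"):                    # OOXML package (.docx/.docm/.xlsm ...)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False                          # not a readable package
    return False

def macro_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments flagged by has_macro(); the extension is ignored."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_macro(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def sample_message() -> bytes:
    """Constructed sample: macro-enabled package, plain package, legacy OLE file."""
    def package(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name in members:
                zf.writestr(name, b"constructed placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in [
        ("invoice.docx", package(["word/document.xml", "word/vbaProject.bin"])),
        ("notes.docx", package(["word/document.xml"])),
        ("legacy.xls", OLE_MAGIC + b"\x00" * 504 + VBA_STORAGE),
    ]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(sample_message()))
```

Because the decision is made on file content, a macro-enabled package renamed to .docx is still flagged, as the first sample attachment shows.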