document relationships are too commonly used to block them
if you really need to block them, use the implemented calls to
our $checkExeExternal; # custom subroutine to check executables external
(eg. lib/CorrectASSPcfg.pm) -
$ASSP_AFC::checkExeExternal->($self,\$sk,\$buff,$raf,\$pdf) if the
> An: "ASSP development mailing list" <
> assp-test@lists.sourceforge.net>
> Datum:31.05.2022 20:14
> Betreff:[Assp-test] blocking new MS doc vunerability (URI attack
> vector)
> --
>
>
>
> Hell
Thomas
Von:"K Post"
An: "ASSP development mailing list"
Datum: 31.05.2022 20:14
Betreff: [Assp-test] blocking new MS doc vunerability (URI attack
vector)
Hello Thomas,
Any way for ASSP to block this kind of thing?
https://isc.sans.edu/forums/diary/New+M
Hello Thomas,
Any way for ASSP to block this kind of thing?
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694
Hopefully clamav will eventually catch it, but be nice great to be able
strip documents off using AFC if they contain