Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-30 Thread Gary Stainburn
On Thursday 29 October 2015 20:37:03 Ned Slider wrote: > On 29/10/15 10:51, Gary Stainburn wrote: > > On Wednesday 28 October 2015 21:12:19 Ned Slider wrote: > >> On 28/10/15 11:55, Gary Stainburn wrote: > >>> We are receiving LOTS of emails that contain empty XLS or DOC documents > >>> with

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-30 Thread Eero Volotinen
How about scanning files using virustotal? https://github.com/Gawen/virustotal -- Eero 2015-10-30 12:58 GMT+02:00 Gary Stainburn : > On Thursday 29 October 2015 20:37:03 Ned Slider wrote: > > On 29/10/15 10:51, Gary Stainburn wrote: > > > On Wednesday 28 October 2015

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-29 Thread Ned Slider
On 29/10/15 10:51, Gary Stainburn wrote: > On Wednesday 28 October 2015 21:12:19 Ned Slider wrote: >> On 28/10/15 11:55, Gary Stainburn wrote: >>> We are receiving LOTS of emails that contain empty XLS or DOC documents >>> with embedded virus macros. These are getting past SPAMASSASSIN, Clamav

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-29 Thread Gary Stainburn
On Wednesday 28 October 2015 21:12:19 Ned Slider wrote: > On 28/10/15 11:55, Gary Stainburn wrote: > > We are receiving LOTS of emails that contain empty XLS or DOC documents > > with embedded virus macros. These are getting past SPAMASSASSIN, Clamav > > and Kaspersky. > > > > I'm trying to write

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-29 Thread Always Learning
On Thu, 2015-10-29 at 20:37 +, Ned Slider wrote: > Combining multiple simple rules in a meta > rule is also a great way to detect many spams. If you can find 3 or 4 > factors specific to these spam (the more unique the better), combining > them usually gives excellent results. Yep. In

[CentOS] Detecting empty office doc containing virus macro

2015-10-28 Thread Gary Stainburn
We are receiving LOTS of emails that contain empty XLS or DOC documents with embedded virus macros. These are getting past SPAMASSASSIN, Clamav and Kaspersky. I'm trying to write a filter for EXIM to block these emails but I need to know a good, quick, command-line to detect an empty doc with
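A quick, stdlib-only check of the kind the original post asks for, written here as an added example (it is not code from the thread, from Exim, or from any of the tools named in it). It walks a raw message, decodes each attachment, and flags it if it is a legacy OLE2 file (.doc/.xls) whose raw bytes contain the UTF-16LE stream name "_VBA_PROJECT" (present in both Word's "Macros/VBA" storage and Excel's "_VBA_PROJECT_CUR" storage), or an OOXML zip (.docm/.xlsm, or a mislabeled .docx) that carries a vbaProject.bin part. The OLE check is a substring heuristic rather than a full compound-file parser, which is the trade-off that keeps it cheap enough to run per message. The sample message, its addresses and its three attachments are constructed inline for the demonstration and are not real samples.

```python
"""Flag e-mail attachments that are Office documents carrying VBA macros.

Added example; stdlib only so it can be called once per message from an MTA
hook.  Two checks:
  * OLE2 (.doc/.xls): the compound-file directory stores stream names as
    UTF-16LE, and "_VBA_PROJECT" only exists when a VBA project is present.
    We search the raw bytes for that name instead of walking the FAT
    (heuristic, good enough for triage).
  * OOXML (.docm/.xlsm/.pptm, or a mislabeled .docx): the VBA project is
    always stored as a zip part named vbaProject.bin.
"""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage
from typing import List, Tuple

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
# Directory entry name that only exists when a VBA project is present.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def ole_has_vba(data: bytes) -> bool:
    """Heuristic: OLE2 signature plus a VBA-only directory entry name."""
    return data.startswith(OLE_MAGIC) and OLE_VBA_MARKER in data


def ooxml_has_vba(data: bytes) -> bool:
    """OOXML: look for a vbaProject.bin part (word/, xl/ or ppt/ prefix)."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_message(raw: bytes) -> List[Tuple[str, int, str]]:
    """Return (filename, size, reason) for every attachment carrying VBA.

    The size is reported so a caller can combine "has VBA" with "tiny
    document" in a meta rule, which is the pattern the thread is after.
    """
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True)  # base64/QP already undone
        if not payload:
            continue
        name = part.get_filename() or "(unnamed)"
        if ole_has_vba(payload):
            hits.append((name, len(payload), "OLE2 document with VBA project"))
        elif ooxml_has_vba(payload):
            hits.append((name, len(payload), "OOXML document with vbaProject.bin"))
    return hits


def build_sample_message() -> bytes:
    """Constructed test message (not real malware): a fake OLE blob with a VBA
    stream name, a macro-enabled OOXML, and a clean OOXML."""
    # Fake .xls: OLE signature, padded 512-byte header, then a directory
    # entry name as Excel would store it.
    fake_ole = (OLE_MAGIC + b"\x00" * 504
                + "_VBA_PROJECT_CUR".encode("utf-16-le") + b"\x00" * 96)

    def zip_with(names):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, b"x")
        return buf.getvalue()

    macro_docm = zip_with(["[Content_Types].xml", "word/document.xml",
                           "word/vbaProject.bin"])
    clean_docx = zip_with(["[Content_Types].xml", "word/document.xml"])

    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # constructed
    msg["To"] = "victim@example.invalid"     # constructed
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(fake_ole, maintype="application",
                       subtype="vnd.ms-excel", filename="invoice.xls")
    msg.add_attachment(macro_docm, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="order.docm")
    msg.add_attachment(clean_docx, maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="clean.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, size, reason in scan_message(build_sample_message()):
        print(f"{name} ({size} bytes): {reason}")
```

To use it from a real MTA hook, feed the script the whole message on stdin and let a non-empty result drive the verdict (for Exim that would be an external command run from the DATA ACL; how that is wired up depends on the local configuration and is not shown here). Note that a VBA project's presence is not by itself proof of malice, which is why the size is returned alongside it: the combination "document with a VBA project, body a few KB at most" is the specific signal the thread describes.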

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-28 Thread Valeri Galtsev
On Wed, October 28, 2015 6:55 am, Gary Stainburn wrote: > We are receiving LOTS of emails that contain empty XLS or DOC documents > with > embedded virus macros. These are getting past SPAMASSASSIN, Clamav and > Kaspersky. Just a word of advice to everybody: stay away from Kaspersky (unless you

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-28 Thread Eero Volotinen
Hi, Take a look at http://www.cuckoosandbox.org -- Eero 2015-10-28 13:55 GMT+02:00 Gary Stainburn : > We are receiving LOTS of emails that contain empty XLS or DOC documents > with > embedded virus macros. These are getting past SPAMASSANSIN, Clamav and > Kaspersky. > > I'm

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-28 Thread Eero Volotinen
and https://github.com/xme/cuckoomx -- Eero 2015-10-28 16:59 GMT+02:00 Eero Volotinen : > Hi, > > Take look of http://www.cuckoosandbox.org > > -- > Eero > > 2015-10-28 13:55 GMT+02:00 Gary Stainburn : > >> We are receiving LOTS of emails that contain

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-28 Thread Gary Stainburn
I've had a look at this and a) it looks a little like over-kill for what I want, b) I haven't a clue how to use it in my EXIM environment c) from the VERY quick look I've taken I don't see how to use it to detect macros in office documents. I think I'm going to forget about the macros, and

Re: [CentOS] Detecting empty office doc containing virus macro

2015-10-28 Thread Ned Slider
On 28/10/15 11:55, Gary Stainburn wrote: > We are receiving LOTS of emails that contain empty XLS or DOC documents with > embedded virus macros. These are getting past SPAMASSASSIN, Clamav and > Kaspersky. > > I'm trying to write a filter for EXIM to block these emails but I need to > know