hi,
i have implemented this plugin in all my production machines and it works
smoothly with no noticeable cpu overhead.
anything document that downloads from a third partly location or calls the
shell command is automatically detected as a virus whether a malware/virus is
involved or not ... which is exactly what is required.
i created a "safe" macro word document which downloads a harmless file and the
same was detected and rejected by the plugin.
many many thanks to person who developed this plugin.
rajesh
- Original Message -
From: Rajesh M [mailto:24x7ser...@24x7server.net]
To: ebr...@whitehorsetc.com,qmailtoaster-list@qmailtoaster.com
Sent: Sun, 6 Aug 2017 10:24:50 +0530
Subject:
eric
have implemented this in my production machines.
it seems to be working correctly.
will revert after a few days.
thank you,
rajesh
- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sat, 05 Aug 2017 07:21:41 +
Subject:
Sorry, didn't see the other files
# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
# wget -O ./OLEMacro.cf
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf
# wget -O ./OLEMacro.pre
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre
# vi local.cf
Add:
include OLEMacro.cf
Save
# spamassassin --lint -D
Look for OLE
-- Original Message --
From: "Eric Broch"
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents
>Rajesh,
>
>I don't use it but wouldn't it be easy to apply?
>
># wget -O
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
>
># chmod 444
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>
>Add the below line to /etc/spamassassin/local.cf
>
>loadplugin Mail::SpamAssassin::Plugin::OLEMacro
>
># spamassassin --lint -D &> sadump.txt
>
>search sadump.txt for OLEMacro
>
>Eric
>
>
>-- Original Message --
>From: "Rajesh M" <24x7ser...@24x7server.net>
>To: qmailtoaster-list@qmailtoaster.com
>Sent: 8/4/2017 10:57:35 PM
>Subject: [qmailtoaster] detect macros in ms documents
>
>>hi
>>
>>there are rising number of incidences with ms .doc and .xls being
>>transmitted with embedded macro virus
>>
>>i found a tool here which will detect such files containing macro
>>virus and mark them as spam
>>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm
>>
>>i dont wish rely on antivirus -- in the last incident sophos,
>>kaspersky (i am seeing it fail for the first time) and clam did not
>>detect it.
>>
>>does anybody use the above spamassassin module or something equivalent
>>?
>>
>>rajesh
>>
>>
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com