RE: Re[2]: [qmailtoaster] detect macros in ms documents

2017-08-09 Thread Rajesh M 
hi,

i have implemented this plugin in all my production machines and it works 
smoothly with no noticeable cpu overhead.

anything document that downloads from a third partly location or calls the 
shell command is automatically detected as a virus whether a malware/virus is 
involved or not ... which is exactly what is required.

i created a "safe" macro word document which downloads a harmless file and the 
same was detected and rejected by the plugin.

many many thanks to person who developed this plugin.

rajesh


- Original Message -
From: Rajesh M [mailto:24x7ser...@24x7server.net]
To: ebr...@whitehorsetc.com,qmailtoaster-list@qmailtoaster.com
Sent: Sun, 6 Aug 2017 10:24:50 +0530
Subject:

eric

have implemented this in my production machines.

it seems to be working correctly.

will revert after a few days.

thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sat, 05 Aug 2017 07:21:41 +
Subject:

Sorry, didn't see the other files

# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
# wget -O ./OLEMacro.cf
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf
# wget -O ./OLEMacro.pre
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre
# vi local.cf
Add:
include OLEMacro.cf
Save

# spamassassin --lint -D
Look for OLE




-- Original Message --
From: "Eric Broch" 
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents

>Rajesh,
>
>I don't use it but wouldn't it be easy to apply?
>
># wget -O
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
>
># chmod 444
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>
>Add  the below line to /etc/spamassassin/local.cf
>
>loadplugin Mail::SpamAssassin::Plugin::OLEMacro
>
># spamassassin --lint -D  &> sadump.txt
>
>search sadump.txt for OLEMacro
>
>Eric
>
>
>-- Original Message --
>From: "Rajesh M" <24x7ser...@24x7server.net>
>To: qmailtoaster-list@qmailtoaster.com
>Sent: 8/4/2017 10:57:35 PM
>Subject: [qmailtoaster] detect macros in ms documents
>
>>hi
>>
>>there are rising number of incidences with ms .doc and .xls being
>>transmitted with embedded macro virus
>>
>>i found a tool here which will detect such files containing macro
>>virus and mark them as spam
>>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm
>>
>>i dont wish rely on antivirus -- in the last incident sophos,
>>kaspersky (i am seeing it fail for the first time) and clam did not
>>detect it.
>>
>>does anybody use the above spamassassin module or something equivalent
>>?
>>
>>rajesh
>>
>>



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: Re[2]: [qmailtoaster] detect macros in ms documents

2017-08-05 Thread Rajesh M 
eric

have implemented this in my production machines.

it seems to be working correctly.

will revert after a few days.

thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sat, 05 Aug 2017 07:21:41 +
Subject:

Sorry, didn't see the other files

# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
# wget -O ./OLEMacro.cf
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf
# wget -O ./OLEMacro.pre
https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre
# vi local.cf
Add:
include OLEMacro.cf
Save

# spamassassin --lint -D
Look for OLE




-- Original Message --
From: "Eric Broch" 
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents

>Rajesh,
>
>I don't use it but wouldn't it be easy to apply?
>
># wget -O
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
>
># chmod 444
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>
>Add  the below line to /etc/spamassassin/local.cf
>
>loadplugin Mail::SpamAssassin::Plugin::OLEMacro
>
># spamassassin --lint -D  &> sadump.txt
>
>search sadump.txt for OLEMacro
>
>Eric
>
>
>-- Original Message --
>From: "Rajesh M" <24x7ser...@24x7server.net>
>To: qmailtoaster-list@qmailtoaster.com
>Sent: 8/4/2017 10:57:35 PM
>Subject: [qmailtoaster] detect macros in ms documents
>
>>hi
>>
>>there are rising number of incidences with ms .doc and .xls being
>>transmitted with embedded macro virus
>>
>>i found a tool here which will detect such files containing macro
>>virus and mark them as spam
>>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm
>>
>>i dont wish rely on antivirus -- in the last incident sophos,
>>kaspersky (i am seeing it fail for the first time) and clam did not
>>detect it.
>>
>>does anybody use the above spamassassin module or something equivalent
>>?
>>
>>rajesh
>>
>>


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com