--On Sunday, July 11, 2021 4:55 PM -0400 "Kevin A. McGrail"
wrote:
We use the olevbmacro detection added to SA. I would guess that's
blocking the payload.
On 11.07.21 13:35, Kenneth Porter wrote:
I see the plugin in the distribution but it doesn't
On 7/11/2021 5:11 PM, John Hardin wrote:
"The other parts contain an application/vnd.ms-officetheme and
an application/x-mso file. Which (in addition to the text/xml
files) are used by Microsoft Word to load the embedded Word
document."
Would the presence of all three of those MIME types be
>On Monday, July 12, 2021, 04:01:03 AM GMT+2, Kevin A. McGrail
wrote:
>If you can get me a sample, I'm sure I can tell you but in general we
>block macros so that's all that's needed. Likely the OLEVBMacro plugin
>and KAM ruleset is blocking all of these already if you have the plugin
On 12/07/2021 07:40, Dave Funk wrote:
On Sun, 11 Jul 2021, Kevin A. McGrail wrote:
On 7/11/2021 5:11 PM, John Hardin wrote:
"The other parts contain an application/vnd.ms-officetheme and an
application/x-mso file. Which (in addition to the text/xml files)
are used by Microsoft Word to load
On Sun, 11 Jul 2021, Kevin A. McGrail wrote:
On 7/11/2021 5:11 PM, John Hardin wrote:
"The other parts contain an application/vnd.ms-officetheme and an
application/x-mso file. Which (in addition to the text/xml files) are used
by Microsoft Word to load the embedded Word document."
Would the
On 7/11/2021 5:11 PM, John Hardin wrote:
"The other parts contain an application/vnd.ms-officetheme and an
application/x-mso file. Which (in addition to the text/xml files) are
used by Microsoft Word to load the embedded Word document."
Would the presence of all three of those MIME types be a
It's in the KAM ruleset if that helps. Search "ifplugin
Mail::SpamAssassin::Plugin::OLEVBMacro" and you'll see the set of rules
we use. Add the plugin to an appropriate pre file to activate it.
On 7/11/2021 4:35 PM, Kenneth Porter wrote:
I see the plugin in the distribution but it doesn't
On Sun, 11 Jul 2021, Kenneth Porter wrote:
--On Sunday, July 11, 2021 1:20 PM -0400 Jared Hall
wrote:
The Word document (without macros) loads an external encrypted Excel file.
It has macros. It tricks the user into enabling and running them by telling
him to enable the document for
--On Sunday, July 11, 2021 4:55 PM -0400 "Kevin A. McGrail"
wrote:
We use the olevbmacro detection added to SA. I would guess that's
blocking the payload.
I see the plugin in the distribution but it doesn't appear to be loaded by
default and the
We use the olevbmacro detection added to SA. I would guess that's blocking
the payload.
On Sun, Jul 11, 2021, 15:00 Kenneth Porter wrote:
> --On Sunday, July 11, 2021 1:20 PM -0400 Jared Hall
> wrote:
>
> > The Word document (without macros) loads an
--On Sunday, July 11, 2021 1:20 PM -0400 Jared Hall
wrote:
The Word document (without macros) loads an external encrypted Excel file.
It has macros. It tricks the user into enabling and running them by telling
him to enable the document for editing and enabling "content" (i.e. macros).
Reference: My reply to KAM's post: "Looking for a sample of the
Microsoft zero day print nightmare"
To continue my rant about the disconnect with the Security community,
this ThreatPost article pops up on my Google feed "Microsoft Office
Users Warned on New Malware-Protection Bypass". I