The ruleset KAM.cf at mcgrail.com has rules for this plugin too.

On Sat, Oct 31, 2020, 13:08 Jason Wong <wong.jaso...@yahoo.com> wrote:
> Thank you RW, that was it.
>
> Although, I don't understand why those rules aren't defined by default - the manpage suggests using ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro for the rules, and the plugin isn't loaded by default, so why not have those rules all the time with ifplugin?
>
> Anyway, one other thing I noticed (unless I'm missing something again), is that some of the default macro extensions are incorrect:
>
> olemacro_exts (default: (?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$)
>     Set the case-insensitive regexp used to configure the extensions the plugin targets for macro scanning
>
> olemacro_macro_exts (default: (?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|xps)$)
>     Set the case-insensitive regexp used to configure the extensions the plugin treats as containing a macro
>
> olemacro_skip_exts (default: (?:dotx|potx|ppsx|pptx|sldx|xltx)$)
>     Set the case-insensitive regexp used to configure extensions for the plugin to skip entirely, these should only be guaranteed macro free files
>
> The .docx, .xlsx, and .pptx files don't contain macros:
> https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions
>
> Of course, a spammer could rename a macro-containing word file as .docx, but I guess that's what the olemacro_extended_scan option to look for renamed files is for.
>
> Thanks again.
>
> On Friday, October 30, 2020, 7:05:49 PM EDT, RW <rwmailli...@googlemail.com> wrote:
>
> You didn't mention creating the rules. The tests have their own definitions.
>
> see perldoc Mail::SpamAssassin::Plugin::OLEVBMacro
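An added example (not from the thread or from the SpamAssassin project): a Python check of the three default regexps quoted in the message above, reporting which options match a given attachment name and which extensions are listed under more than one option. It applies each regexp as a case-insensitive, unanchored search, which is an assumption about how the plugin uses them; the function names and file names are constructed for illustration.

```python
import re

# Default values copied verbatim from the documentation quoted in the thread.
DEFAULTS = {
    "olemacro_exts":
        r"(?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$",
    "olemacro_macro_exts":
        r"(?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|xps)$",
    "olemacro_skip_exts":
        r"(?:dotx|potx|ppsx|pptx|sldx|xltx)$",
}


def alternatives(pattern):
    """Return the literal extensions inside a '(?:a|b|c)$' style pattern."""
    m = re.fullmatch(r"\(\?:([a-z|]+)\)\$", pattern)
    if m is None:
        raise ValueError("not a plain alternation: %r" % pattern)
    return set(m.group(1).split("|"))


def matching_options(filename, options=DEFAULTS):
    """Names of the options whose regexp matches the file name.

    Assumption: the regexp is used as an unanchored, case-insensitive search.
    """
    return sorted(name for name, pat in options.items()
                  if re.search(pat, filename, re.IGNORECASE))


def overlaps(options=DEFAULTS):
    """Map every extension listed under more than one option to those options."""
    seen = {}
    for name, pat in options.items():
        for ext in alternatives(pat):
            seen.setdefault(ext, []).append(name)
    return {ext: sorted(names) for ext, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed attachment names, one per case discussed in the thread.
    for sample in ("report.docx", "invoice.docm", "slides.pptx", "template.XLTX"):
        print(sample, "->", matching_options(sample))
    for ext, names in sorted(overlaps().items()):
        print("listed more than once:", ext, names)
```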