Hi, On Wed, Apr 6, 2016 at 9:56 AM, Reindl Harald <h.rei...@thelounge.net> wrote: > Am 06.04.2016 um 15:53 schrieb RW: >> >> On Tue, 5 Apr 2016 20:40:20 -0400 >> Alex wrote: >> >>> These targeted macro viruses are killing us. I hoped someone would >>> like to take a shot at suggestions on how to stop these. >>> >>> http://pastebin.com/FTzbQcHb >>> >>> The Heuristics.OLE2.ContainsMacros rule is added by amavisd+clamav, >>> but it's apparently not something that spamassassin can manipulate >>> once it's been added. In other words, it can't be used in a meta or to >>> make spam/ham decisions, only add to the existing score. >> >> >> Do you need to allow attachments with a .doc extension? >> >> The last version of word that saved in this format was in Office 2003 >> and the last version of wordpad was in XP. Both have been out of >> mainstream support for 7 years and stopped getting security updates 2 >> years ago > > > sadly in the real world if it comes to business customers you don't get rid > of .doc in a near future, be it because outdated office versions or in the > past changed defaults to save in teh old formats to ensure others with older > (at that moment supported versions) can open your documents
Yes, blocking all .doc files would be tough for us. However, maybe a rule that weights their existence them more heavily combined with something involving finance+money+invoices would be helpful.