On 10/03/2016 07:46 PM, Alex wrote:
> Hi,
> These are a real concern. If you receive any kind of real mail volume,
> you're receiving these too, and they're not always being caught by
> RBLs or virus scanners. Or even our well-trained bayes.
> http://pastebin.com/YhLBqpKm
> I used to have some rules that would reliably block them, but they're
> not performing well now at all.
> I'm posting this in hopes someone has some other ideas, as well as to
> raise awareness about their existence.
> Ideas greatly appreciated.

SA isn't the right tool to detect virus-infected attachments.
This is an "offtopic" suggestion.
Disassemble the macro, write a HEX or YARA sig for ClamAV
(not very hard).
For help with that, ask the ClamAV list.