>Can AFC be modified to block for encrypted office documents?
Macros are not enrypted (at least the statements checked by AFC) and will
be detected.
If not - provide me a download of such a document.
Thomas
Von: K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 02.11.2016 02:51
Betreff: Re: [Assp-test] Blocking encrypted and/or VBA embedded MS
Office Docs
Missed that we already had AFC to block vba macros. That is in fact
working great.
However, the new tactic is to send encrypted word documents and put the
password in the email. Those aren't caught, which makes sense - AFC can't
read the file to tell that there's a macro! Can AFC be modified to block
for encrypted office documents?
On Thu, Oct 27, 2016 at 10:19 PM, K Post <nntp.p...@gmail.com> wrote:
With more and more and more attached files slipping through ClamAV's
hands, and the majority of these being either encrypted MS Office
documents or zero day-ish Word documents with VBA embedded, I'm wondering
if ASSP_AFC could be modified to optionally reject/strip/score messages
that are either:
1) Encrypted MS Office documents and/or
2) MS Office documents that contain VBA code.
Related, detect PDF files with Javascript or Flash embedded??
(and Thomas, if you're replying to this, could you also cc me directly so
that I get the reply - gmail is rejecting your DKIM messages that pass
through SourceForge without SRS)
THANKS
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test