Removing Macros from valid MS-Office files will destroy them completely, which may lead in to kernel exception, blue screens or application crashes, if the user opens such a file. Removing any content from a PDF file, will make it invalid - adobe (reader) will not open such files.
To do such things, we would need to open the files with the related OLE-API (using the real application in background). But open a file in such way, will possibly start the macro running at the assp system. Someone may say - "just do this in a sandbox - it is harmless". Yes, this is true - but: building and controlling a sandbox from perl - and providing such a sandbox on every OS where perl (assp) is able to run, is a project with the same size like assp. So - no, both are not possible. Thomas Von: "K Post" <nntp.p...@gmail.com> An: "ASSP development mailing list" <assp-test@lists.sourceforge.net> Datum: 10.10.2018 21:52 Betreff: [Assp-test] Strip Office Macros instead of removing file? I'm seeing more and more legitimate emails coming through with Office Macros in attachments. These are usually from outside people who send files from their corporate network that have macros in the template to aid in local printing, etc. AFC is doing a great job at catching them and removing them. The problem is that our staff often needs these files, which means I need to add X-ASSP-Force-Resend: Yes to the file in the corpus and resend. This works, but requires manual intervention, often on a daily basis. Question: Might there be a way for ASSP to remove the MACRO from the file and send it "macroless?" Same idea with a PDF file, remove javascript, but send the PDF. That at least would let the files through and then I'd only have to manually resend if the macro was needed. Possible? Security concern? Thanks _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
