I expected that to be the answer, but glad I asked anyway. Thanks On Thu, Oct 11, 2018 at 6:50 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> Removing Macros from valid MS-Office files will destroy them completely, > which may lead in to kernel exception, blue screens or application crashes, > if the user opens such a file. > Removing any content from a PDF file, will make it invalid - adobe > (reader) will not open such files. > > To do such things, we would need to open the files with the related > OLE-API (using the real application in background). But open a file in such > way, will possibly start the macro running at the assp system. Someone may > say - "just do this in a sandbox - it is harmless". > Yes, this is true - but: building and controlling a sandbox from perl - > and providing such a sandbox on every OS where perl (assp) is able to run, > is a project with the same size like assp. > > So - no, both are not possible. > > Thomas > > > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 10.10.2018 21:52 > Betreff: [Assp-test] Strip Office Macros instead of removing file? > ------------------------------ > > > > I'm seeing more and more legitimate emails coming through with Office > Macros in attachments. These are usually from outside people who send > files from their corporate network that have macros in the template to aid > in local printing, etc. AFC is doing a great job at catching them and > removing them. > > The problem is that our staff often needs these files, which means I need > to add > X-ASSP-Force-Resend: Yes > to the file in the corpus and resend. This works, but requires manual > intervention, often on a daily basis. > > Question: > Might there be a way for ASSP to remove the MACRO from the file and send > it "macroless?" > Same idea with a PDF file, remove javascript, but send the PDF. > > That at least would let the files through and then I'd only have to > manually resend if the macro was needed. > > Possible? Security concern? > > Thanks > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
