RE: Re[2]: [qmailtoaster] detect macros in ms documents
hi, i have implemented this plugin in all my production machines and it works smoothly with no noticeable cpu overhead. anything document that downloads from a third partly location or calls the shell command is automatically detected as a virus whether a malware/virus is involved or not ... which is exactly what is required. i created a "safe" macro word document which downloads a harmless file and the same was detected and rejected by the plugin. many many thanks to person who developed this plugin. rajesh - Original Message - From: Rajesh M [mailto:24x7ser...@24x7server.net] To: ebr...@whitehorsetc.com,qmailtoaster-list@qmailtoaster.com Sent: Sun, 6 Aug 2017 10:24:50 +0530 Subject: eric have implemented this in my production machines. it seems to be working correctly. will revert after a few days. thank you, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 05 Aug 2017 07:21:41 + Subject: Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch" <ebr...@whitehorsetc.com> To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents >Rajesh, > >I don't use it but wouldn't it be easy to apply? > ># wget -O >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm >https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm > ># chmod 444 >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm > >Add the below line to /etc/spamassassin/local.cf > >loadplugin Mail::SpamAssassin::Plugin::OLEMacro > ># spamassassin --lint -D &> sadump.txt > >search sadump.txt for OLEMacro > >Eric > > >-- Original Message -- >From: "Rajesh M" <24x7ser...@24x7server.net> >To: qmailtoaster-list@qmailtoaster.com >Sent: 8/4/2017 10:57:35 PM >Subject: [qmailtoaster] detect macros in ms documents > >>hi >> >>there are rising number of incidences with ms .doc and .xls being >>transmitted with embedded macro virus >> >>i found a tool here which will detect such files containing macro >>virus and mark them as spam >>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm >> >>i dont wish rely on antivirus -- in the last incident sophos, >>kaspersky (i am seeing it fail for the first time) and clam did not >>detect it. >> >>does anybody use the above spamassassin module or something equivalent >>? >> >>rajesh >> >> - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: Re[2]: [qmailtoaster] detect macros in ms documents
eric have implemented this in my production machines. it seems to be working correctly. will revert after a few days. thank you, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 05 Aug 2017 07:21:41 + Subject: Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch" <ebr...@whitehorsetc.com> To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents >Rajesh, > >I don't use it but wouldn't it be easy to apply? > ># wget -O >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm >https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm > ># chmod 444 >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm > >Add the below line to /etc/spamassassin/local.cf > >loadplugin Mail::SpamAssassin::Plugin::OLEMacro > ># spamassassin --lint -D &> sadump.txt > >search sadump.txt for OLEMacro > >Eric > > >-- Original Message -- >From: "Rajesh M" <24x7ser...@24x7server.net> >To: qmailtoaster-list@qmailtoaster.com >Sent: 8/4/2017 10:57:35 PM >Subject: [qmailtoaster] detect macros in ms documents > >>hi >> >>there are rising number of incidences with ms .doc and .xls being >>transmitted with embedded macro virus >> >>i found a tool here which will detect such files containing macro >>virus and mark them as spam >>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm >> >>i dont wish rely on antivirus -- in the last incident sophos, >>kaspersky (i am seeing it fail for the first time) and clam did not >>detect it. >> >>does anybody use the above spamassassin module or something equivalent >>? >> >>rajesh >> >> - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re[2]: [qmailtoaster] detect macros in ms documents
Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch" <ebr...@whitehorsetc.com> To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents Rajesh, I don't use it but wouldn't it be easy to apply? # wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm Add the below line to /etc/spamassassin/local.cf loadplugin Mail::SpamAssassin::Plugin::OLEMacro # spamassassin --lint -D &> sadump.txt search sadump.txt for OLEMacro Eric -- Original Message -- From: "Rajesh M" <24x7ser...@24x7server.net> To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 10:57:35 PM Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh
Re: [qmailtoaster] detect macros in ms documents
Should you have any queries, please don't hesitate to contact me. Best regards, === Alex Kan UNICORN Tech & Network Limited Direct: (852) 3721 2668 Mobile: (852) 9196 4136 Tel: (852) 3165 1565 Fax: (852) 3721 2682 E-mail: a...@unicorntn.com.hk === From: Rajesh M <24x7ser...@24x7server.net> Sent: Saturday, August 5, 2017 12:57:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. UNICORN Tech & Network Limited, Room 1106, 11/F., Liven House, 61-63 King Yip Street, Kwun Tong, Kowloon, Hong Kong, www.unicorntn.com.hk
Re: [qmailtoaster] detect macros in ms documents
Should you have any queries, please don't hesitate to contact me. Best regards, === Alex Kan UNICORN Tech & Network Limited Direct: (852) 3721 2668 Mobile: (852) 9196 4136 Tel: (852) 3165 1565 Fax: (852) 3721 2682 E-mail: a...@unicorntn.com.hk === From: Rajesh M <24x7ser...@24x7server.net> Sent: Saturday, August 5, 2017 12:57:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. UNICORN Tech & Network Limited, Room 1106, 11/F., Liven House, 61-63 King Yip Street, Kwun Tong, Kowloon, Hong Kong, www.unicorntn.com.hk
Re: [qmailtoaster] detect macros in ms documents
Rajesh, I don't use it but wouldn't it be easy to apply? # wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm Add the below line to /etc/spamassassin/local.cf loadplugin Mail::SpamAssassin::Plugin::OLEMacro # spamassassin --lint -D &> sadump.txt search sadump.txt for OLEMacro Eric -- Original Message -- From: "Rajesh M" <24x7ser...@24x7server.net> To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 10:57:35 PM Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh
[qmailtoaster] detect macros in ms documents
hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com