On Tue, 6 Sep 2016 16:12:36 -0500 (CDT) David B Funk <dbf...@engineering.uiowa.edu> wrote:
> What is 'acceptable' to you? Unless you find some magical prescient > anti-virus that can accurately predict all possible macro viruses > with out FPs I don't know what else can be done. Almost all of the macro viruses I've seen have made use of one of the following special BASIC subroutine names: Workbook_Open Document_Open Auto_Open AutoOpen If one of those subroutines is defined, it's far more suspicious than just a regular macro-laden document. Blocking or quarantining those will have a pretty low (though still, alas, non-zero) FP rate. And I'm not implying that a macro virus *has* to use one of those routines. It's just that most do because they allow execution of code with no user-interaction beyond opening the document. Regards, Dianne.