Block macro word documents
Peter H. Lemieux
mailscanner at replies.cyways.com
Mon Dec 14 18:08:55 UTC 2015
After one of my clients had a problem with embedded Office macros, they blocked their users from opening macros altogether. I believe you can use an MS group policy for this, though as a Linux person, I can't say for sure.
If I were managing a network, I'd certainly implement that policy. I was a bit surprised it wasn't the default at my client's site. I can see reasons to allow some selected people to run macros, but they'd be the exception not the rule.
As Jerry says, you can block macros entirely with ClamAV. In clamd.conf, set
ScanOLE2 yes
OLE2BlockMacros yes
Peter
On 12/14/2015 11:22 AM, tmeireles at electroind.com wrote:
> Two malicious emails with macro word documents with the extension .doc got through today.
>
> Was wondering what you guys do to block malicious macro word documents?
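
Added example, not part of the original thread: a shell audit that checks whether a clamd.conf has both settings from the reply above enabled. The function names, the sample file, the accepted boolean spellings (yes/true/1) and the "any disabling line fails" rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a clamd.conf for the two options named in the post.

# Print the state of one option: "yes", "no" or "unset".
# Assumptions: one "Name value" pair per line, "#" starts a comment line,
# and yes/true/1 mean enabled. If the option appears more than once, any
# occurrence that is not enabled makes the result "no" (conservative).
clamd_option() {
    awk -v want="$2" '
        BEGIN { state = "unset" }
        /^[ \t]*#/ { next }
        $1 == want {
            v = tolower($2)
            if ((v == "yes" || v == "true" || v == "1") && state != "no")
                state = "yes"
            else
                state = "no"
        }
        END { print state }
    ' "$1"
}

# Return 0 only when OLE2 scanning and macro blocking are both set to yes.
macros_blocked() {
    conf=$1
    scan=$(clamd_option "$conf" ScanOLE2)
    block=$(clamd_option "$conf" OLE2BlockMacros)
    # Newer ClamAV releases name the second option AlertOLE2Macros.
    if [ "$block" = "unset" ]; then
        block=$(clamd_option "$conf" AlertOLE2Macros)
    fi
    echo "ScanOLE2=$scan macro-blocking=$block"
    [ "$scan" = "yes" ] && [ "$block" = "yes" ]
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'ScanOLE2 yes' 'OLE2BlockMacros yes' > "$sample"
if macros_blocked "$sample"; then
    echo "OK: documents containing macros will be flagged"
else
    echo "FAIL: macro blocking is not fully enabled"
fi
rm -f "$sample"
```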