Virus Parser
Steve Basford
steveb_clamav at sanesecurity.com
Mon Feb 8 20:44:37 UTC 2016
On Mon, February 8, 2016 7:39 pm, Scott B. Anderson wrote:
> How do you handle the new Office 97-05 trojan documents without macros
> that still contain Trojans that abuse the rtf 'engine' in office
> 2010/13/16 to root workstations without the .doc or .xls actually
> containing a macro?
>
If you are using ClamAV you can block these easily with badmacro.ndb.
In addition phish.ndb will block xml types with rogue.hdb to fill
in the rest of the crappy stuff.
http://sanesecurity.com/usage/linux-scripts/
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
More information about the MailScanner
mailing list