Blocking password protected office documents
Heino Backhaus
heino.backhaus at fink-computer.de
Thu May 4 07:57:37 UTC 2017
Hello List,
i'm wondering if and how to block mails with password protected office
documents. I know i could block these mails with a SA rule, searching for
password and key phrases, but that's not wanted by our customer. So
maybe the file-command and filteype.rules.conf can help.
The output of file-command looks like this:
_c3_%2ok7vd00pz08gf#4t.docx: Composite Document File V2 Document, Little
Endian, Os: Windows, Version 6.1, Code page: 1200, Locale ID: 1033, Last
Saved By: intends , Author: repels
The question is, how should an entry for this look like?
I've allready tried this:
deny Composite - -
But it didn't work...
Any suggestions are welcome
--
Mit freundlichen Gruessen
H. Backhaus
Fink-Computer Systeme
Heggrabenstr. 9, 35435 Wettenberg
Email: heino.backhaus at fink-computer.de
Web: www.fink-computer.de
Fax: +49-641-98444638
Fon: +49-641-98444640
UST-ID: DE151040770
HRB: 2143 Gießen
GF: Fredi Fink
"In retrospect it becomes clear that hindsight is definitely overrated!"
-Alfred E. Neumann
More information about the MailScanner
mailing list