Blocking password protected office documents

Heino Backhaus heino.backhaus at fink-computer.de
Tue May 9 10:55:46 UTC 2017


Hi Mark,

sorry, there seems to be a fault in my tests. Don't know what. Anyway,
today everything is working as expected.

I'm now filtering Composite and CDFV2 with the following entries in
filetype.rules.conf:

deny	Composite	No Password protected Office Documents	Password protected Office Documents are often malicious
deny	CDFV2	No Password protected Office Documents	Password protected Office Documents are often malicious

Thanks for answering.


On 06.05.2017 at 07:09, Mark Sapiro wrote:
> On 05/04/2017 12:57 AM, Heino Backhaus wrote:
>> The question is, what should an entry for this look like?
>> I've already tried this:
>>
>> deny    Composite     -        -
>>
>> But it didn't work...
>
>
> Try with something other than '-' for the log and report text, and
> ensure you're using tabs as field delimiters.
>
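
A check for the two problems discussed in this thread (spaces instead of tabs, and '-' as the text of a deny rule), as an added example that is not part of the original post and is not MailScanner code. It assumes four tab-separated fields per rule, as in the entries above; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample modelled on the entries quoted in the thread.
SAMPLE = (
    "# filetype rules (constructed sample)\n"
    "deny    Composite     -        -\n"
    "deny\tComposite\t-\t-\n"
    "deny\tCDFV2\tNo Password protected Office Documents\t"
    "Password protected Office Documents are often malicious\n"
)


def lint_rule_line(line):
    """Return a list of problems found in one rule line (empty list: none)."""
    text = line.rstrip("\r\n")
    if not text.strip() or text.lstrip().startswith("#"):
        return []  # blank lines and comments are skipped
    # Runs of tabs count as one delimiter so tab-aligned columns are accepted.
    fields = re.split(r"\t+", text.strip("\t"))
    if len(fields) == 1:
        if re.search(r"\s", text.strip()):
            return ["no tab found: fields are separated by spaces"]
        return ["only one field present"]
    if len(fields) != 4:  # assumption: four fields, as in the post
        return [f"expected 4 tab-separated fields, found {len(fields)}"]
    action, _pattern, log_text, report_text = (f.strip() for f in fields)
    problems = []
    if action.startswith("deny"):
        if log_text == "-":
            problems.append("deny rule has '-' as log text")
        if report_text == "-":
            problems.append("deny rule has '-' as report text")
    return problems


def lint_rules(text):
    """Lint a whole rules file; returns (line_number, problem) tuples."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for problem in lint_rule_line(line):
            findings.append((number, problem))
    return findings


if __name__ == "__main__":
    for number, problem in lint_rules(SAMPLE):
        print(f"line {number}: {problem}")
```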



