Detecting Crypto Trojans
Tone Kravanja
Tone.Kravanja at alarix.si
Fri Feb 19 13:07:46 CET 2016
On our side I have reacted in banning the messages that have specifficaly named attachment (lately those were invoice_2016_52323.doc). So we are blocking those. But to answer your question. I tried F-Prot virus scanner and one of the results it gives back is number of macros discovered in the document. So you could use that to reject documents with macros.
Best regards,
Tone Kravanja
From: Ralf Kirmis [mailto:rk at wizard.de]
Sent: Friday, February 19, 2016 9:08 AM
To: amavis-users at amavis.org
Subject: Detecting Crypto Trojans
Hello List,
does someone have an idea how to block those crypto trojans, which come in as office documents with enabled macros?
The patterns from Virus Scanners are actuelly behind the waves that come in.
Is it possible to detect macros in office documents and treat those mails as viruses or banned attachments?
We don't like the idea to block all office documents, wether macros or not.
regards,
Ralf Kirmis
More information about the amavis-users
mailing list