Password protected Word/phishing emails

Dino Edwards dino.edwards at mydirectmail.net
Wed Oct 5 15:07:06 CEST 2016


I'm not sure how the scanner will open up a password protected document to scan it if it doesn't have the password. It would be the same thing with password protected zips.

The best approach with MS docs in my opinion is to block all the old office formats (.xls, .doc, ...) since back then MS didn't make a distinction between macro and non-macro enabled file formats and then block all new macro-enabled office docs such as .xlsm, .docm, etc.


--

Hermes Secure Email Gateway
Hermes Secure Email Gateway combines Open Source technologies such as Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under one unified web-based Web GUI for easy administration and management of your incoming and outgoing email for your organization. Anti-spam, anti-virus and anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS support, built-in email archiving, end-user self-service web gui.

Download the free open-source appliance at:
http://www.deeztek.com/hermes-secure-email-gateway/


> -----Original Message-----
> From: amavis-users [mailto:amavis-users-
> bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of Alex
> Sent: Wednesday, October 05, 2016 8:27 AM
> To: amavis-users at amavis.org
> Subject: Password protected Word/phishing emails
> 
> Hi,
> 
> I'm using amavisd-new-2.11.0 on fedora23 with spamassassin and clamav.
> I'm starting to receive password encrypted Word documents similar to
> this:
> 
> http://pastebin.com/HpvEcT9K
> 
> How can I configure amavisd to either change the subject or otherwise block
> emails with encrypted Word documents? Is it possible for virus scanners to
> detect malicious emails that have been password protected?
> 
> Thanks,
> Alex
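
The extension policy described in the reply above, sketched in Python as an added example that is not part of the original thread and is not amavisd configuration. It goes one step beyond the reply by also flagging a password-protected .docx/.xlsx/.pptx from its container: an unencrypted OOXML file is a ZIP, while an encrypted one is an OLE2 compound file holding an `EncryptedPackage` stream. The extension lists past the four named in the reply, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email.message import EmailMessage

# .doc/.xls and .docm/.xlsm come from the reply; the sibling formats are assumptions.
LEGACY = {".doc", ".xls", ".ppt"}
MACRO = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
OOXML = {".docx", ".xlsx", ".pptx"}
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE2 compound file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name, stored as UTF-16LE

def classify(filename, data):
    """Return a verdict for one attachment based on its name and leading bytes."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in LEGACY:
        return "block: legacy format"
    if ext in MACRO:
        return "block: macro-enabled"
    # The scanner cannot read the content, so the container type is the signal.
    if ext in OOXML and data.startswith(CFB_MAGIC) and ENC_STREAM in data:
        return "block: encrypted"
    return "pass"

def scan_message(raw_bytes):
    """Walk every MIME part that carries a filename and classify it."""
    msg = email.message_from_bytes(raw_bytes)
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            results.append((name, classify(name, part.get_payload(decode=True) or b"")))
    return results

def build_sample():
    """Constructed message with stub attachments (not real Office documents)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    encrypted_stub = CFB_MAGIC + b"\x00" * 504 + ENC_STREAM
    for name, data in [("invoice.docx", encrypted_stub), ("report.xlsm", b"PK\x03\x04"),
                       ("notes.docx", b"PK\x03\x04stub"), ("old.doc", CFB_MAGIC)]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(name, "->", verdict)
```

The container check only covers the newer formats; an encrypted legacy .doc or .xls is already caught by the extension rule.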

