Excluding blocking macro/xlsx/docx files to specific recipients?
Dominic Raferd
dominic at timedicer.co.uk
Fri Feb 25 14:10:52 CET 2022
On 24/02/2022 19:37, Alex wrote:
> Hi,
> We have some users who receive machine-generated Excel spreadsheets
> that have macros, but our policy is to block them outright...
A different possible approach is to use mraptor (see olevba project on
Github) to analyse attachments that are macro-laden Office files to see
if they may be malicious, and if not then the email can be delivered.
The starting point is to use ClamAV to identify *any* emails with
macro-laden attachments, then have them quarantined by Amavis, then
subject them to bespoke (but automated) analysis, and - if they pass -
release them with amavisd-release.
More information about the amavis-users
mailing list