Excluding blocking macro/xlsx/docx files to specific recipients?

Dominic Raferd dominic at timedicer.co.uk
Fri Feb 25 14:10:52 CET 2022


On 24/02/2022 19:37, Alex wrote:
> Hi,
> We have some users who receive machine-generated Excel spreadsheets
> that have macros, but our policy is to block them outright...
A different possible approach is to use mraptor (see olevba project on 
Github) to analyse attachments that are macro-laden Office files to see 
if they may be malicious, and if not then the email can be delivered. 
The starting point is to use ClamAV to identify *any* emails with 
macro-laden attachments, then have them quarantined by Amavis, then 
subject them to bespoke (but automated) analysis, and - if they pass - 
release them with amavisd-release.


More information about the amavis-users mailing list