Detecting empty office doc containing virus macro

Ian Malone ibmalone at gmail.com
Wed Oct 28 13:45:17 UTC 2015


On 28 October 2015 at 11:56, Gary Stainburn
<gary.stainburn at ringways.co.uk> wrote:
> We are receiving LOTS of emails that contain empty XLS or DOC documents with
> embedded virus macros.  These are getting past SpamAssassin, ClamAV and
> Kaspersky.
>
> I'm trying to write a filter for Exim to block these emails but I need to know
> a good, quick, command-line to detect an empty doc with a macro.
>
> Is there anything available that I can use?
>
> I have managed to write a Perl script to detect empty xls, xlsx, doc and docx
> files but I cannot detect whether they have any macros embedded.
>

Don't know how to answer your question, but if you know how to detect
empty documents then why not just assume they're malicious? Don't
think there's any common reason to send empty documents around.

-- 
imalone
http://ibmalone.blogspot.co.uk
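
A sketch of the macro check asked for in the quoted question, added here as an example and not part of either message. It assumes the OOXML formats keep their VBA project in a part conventionally named `vbaProject.bin`, and uses a byte-scan heuristic rather than a full directory parse for legacy OLE files; the function names and exit-status convention are illustrative.

```python
#!/usr/bin/env python3
"""Flag Office attachments that carry a VBA project (added example)."""
import io
import sys
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                        # .docx/.xlsx/.docm/.xlsm
# OLE directory entries store names as UTF-16LE; a VBA project contains a
# "_VBA_PROJECT" stream (Excel also uses a "_VBA_PROJECT_CUR" storage).
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def classify(data: bytes) -> str:
    """Return 'macro', 'clean', 'malformed' or 'not-office'."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed"      # broken archive: treat as suspicious
        # Assumption: the VBA part uses its conventional name.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
        return "clean"
    if data.startswith(OLE_MAGIC):
        # Heuristic byte scan, not a full OLE directory parse.
        return "macro" if OLE_VBA_MARKER in data else "clean"
    return "not-office"


def zip_sample(part_names):
    """Constructed sample: an in-memory zip with the given part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in part_names:
            zf.writestr(name, b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: script.py FILE ; exit status 1 means "reject this attachment"
    with open(sys.argv[1], "rb") as fh:
        verdict = classify(fh.read())
    print(verdict)
    sys.exit(1 if verdict in ("macro", "malformed") else 0)
```

The verdict can be combined with an existing empty-document test, so that only attachments that are both empty and macro-bearing are rejected.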

