Detecting empty office doc containing virus macro
Gary Stainburn
gary.stainburn at ringways.co.uk
Wed Oct 28 16:29:12 UTC 2015
On Wednesday 28 October 2015 13:45:17 Ian Malone wrote:
> Don't know how to answer your question, but if you know how to detect
> empty documents then why not just assume they're malicious? Don't
> think there's any common reason to send empty documents around.
>
I think that I'm going to go down that route. I still haven't found a
solution to checking for macros, and even if I do, it would probably increase
the CPU time.
I just wanted to be more thorough.
More information about the users
mailing list