[sanesecurity] Re: macro in word document

• From: "Steve Basford" <steveb_clamav@xxxxxxxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Thu, 2 Jun 2016 18:29:38 +0100

On Thu, June 2, 2016 6:08 pm, Sujit Acharyya-choudhury wrote:

I was wondering if SaneSecurity signatures block all macros or some
macros. I got this today:

Normally *some* macros that would contain known malware.

2016-06-02 10:59:41  rejected after DATA: This message contains a virus
(YARA.docx_macro.UNOFFICIAL).

YARA.docx_macro is contained in the Yara rules set EMAIL_Cryptowall.yar
are you using Yara rules.

In your config file, might be worth changing this entry to "no"

yararulesproject_enabled="yes"

badmacro.ndb and phish.ndb should then take care of the bad stuff in macros.

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity

• References:
  • [sanesecurity] macro in word document
    • From: Sujit Acharyya-choudhury

Other related posts:

• » [sanesecurity] macro in word document- Sujit Acharyya-choudhury
• » [sanesecurity] Re: macro in word document - Steve Basford
• » [sanesecurity] Re: macro in word document- Sujit Acharyya-choudhury
• » [sanesecurity] Re: macro in word document- Sujit Acharyya-choudhury
• » [sanesecurity] Re: macro in word document- Sujit Acharyya-choudhury

1. Home
2. sanesecurity
3. Archive
4. 06-2016

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---