[sanesecurity] Re: macro in word document
- From: "Steve Basford" <steveb_clamav@xxxxxxxxxxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Thu, 2 Jun 2016 18:29:38 +0100
On Thu, June 2, 2016 6:08 pm, Sujit Acharyya-choudhury wrote:
I was wondering if SaneSecurity signatures block all macros or some
macros. I got this today:
Normally *some* macros that would contain known malware.
2016-06-02 10:59:41 rejected after DATA: This message contains a virus
(YARA.docx_macro.UNOFFICIAL).
YARA.docx_macro is contained in the Yara rules set EMAIL_Cryptowall.yar
are you using Yara rules.
In your config file, might be worth changing this entry to "no"
yararulesproject_enabled="yes"
badmacro.ndb and phish.ndb should then take care of the bad stuff in macros.
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
Other related posts: