bring back removed blank lines

main
Dimitri Huisman 1 year ago
parent 7ce28bd6e9
commit 45177bd25a
No known key found for this signature in database

@ -2,12 +2,14 @@
oletools { oletools {
# default olefy settings # default olefy settings
servers = "{{ OLETOOLS_ADDRESS }}:11343" servers = "{{ OLETOOLS_ADDRESS }}:11343"
# needs to be set explicitly for Rspamd < 1.9.5 # needs to be set explicitly for Rspamd < 1.9.5
scan_mime_parts = true; scan_mime_parts = true;
extended = true; extended = true;
max_size = 3145728; max_size = 3145728;
timeout = 20.0; timeout = 20.0;
retransmits = 1; retransmits = 1;
patterns { patterns {
OLETOOLS_MACRO_FOUND= '^.....M..$'; OLETOOLS_MACRO_FOUND= '^.....M..$';
OLETOOLS_AUTOEXEC = '^A....M..$'; OLETOOLS_AUTOEXEC = '^A....M..$';
@ -18,6 +20,7 @@ oletools {
OLETOOLS_W = '(?i)\b(?:FileCopy|CopyFile|Kill|CreateTextFile|VirtualAlloc|RtlMoveMemory|URLDownloadToFileA?|AltStartupPath|WriteProcessMemory|ADODB\.Stream|WriteText|SaveToFile|SaveAs|SaveAsRTF|FileSaveAs|MkDir|RmDir|SaveSetting|SetAttr)\b|(?:\bOpen\b[^\n]+\b(?:Write|Append|Binary|Output|Random)\b)'; OLETOOLS_W = '(?i)\b(?:FileCopy|CopyFile|Kill|CreateTextFile|VirtualAlloc|RtlMoveMemory|URLDownloadToFileA?|AltStartupPath|WriteProcessMemory|ADODB\.Stream|WriteText|SaveToFile|SaveAs|SaveAsRTF|FileSaveAs|MkDir|RmDir|SaveSetting|SetAttr)\b|(?:\bOpen\b[^\n]+\b(?:Write|Append|Binary|Output|Random)\b)';
OLETOOLS_X = '(?i)\b(?:Shell|CreateObject|GetObject|SendKeys|RUN|CALL|MacScript|FollowHyperlink|CreateThread|ShellExecuteA?|ExecuteExcel4Macro|EXEC|REGISTER|SetTimer)\b|(?:\bDeclare\b[^\n]+\bLib\b)'; OLETOOLS_X = '(?i)\b(?:Shell|CreateObject|GetObject|SendKeys|RUN|CALL|MacScript|FollowHyperlink|CreateThread|ShellExecuteA?|ExecuteExcel4Macro|EXEC|REGISTER|SetTimer)\b|(?:\bDeclare\b[^\n]+\bLib\b)';
} }
# mime-part regex matching in content-type or filename # mime-part regex matching in content-type or filename
mime_parts_filter_regex { mime_parts_filter_regex {
#UNKNOWN = "application\/octet-stream"; #UNKNOWN = "application\/octet-stream";

Loading…
Cancel
Save