So let's block any macro with AUTOEXEC
@ -5,7 +5,7 @@ OLETOOLS_MACRO_MRAPTOR {
score = 20.0;
}
OLETOOLS_MACRO_SUSPICIOUS {
expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP";
expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP | OLETOOLS_AUTOEXEC";
message = "Rejected (malicious macro)";
policy = "leave";
@ -4,6 +4,7 @@ python3 tests/email_test.py message-macro-stomp "tests/compose/filters/2003x32_w
if [ $? -ne 25 ]; then
exit 1
fi
# This does Auto_Open + Alert()
python3 tests/email_test.py message-autoexec-macro "tests/compose/filters/excel4_sample_macro.slk"