From 709023ab5a1ef93cba472772cec1d85ab47cba30 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Thu, 24 Nov 2022 12:04:03 +0100
Subject: [PATCH] dimitri said "block it" So let's block any macro with AUTOEXEC
---
 core/rspamd/conf/composites.conf | 2 +-
 tests/compose/filters/03_email_macro.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/rspamd/conf/composites.conf b/core/rspamd/conf/composites.conf
index 28a3e9c3..912061af 100644
--- a/core/rspamd/conf/composites.conf
+++ b/core/rspamd/conf/composites.conf
@@ -5,7 +5,7 @@ OLETOOLS_MACRO_MRAPTOR {
 score = 20.0;
 }
 OLETOOLS_MACRO_SUSPICIOUS {
- expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP";
+ expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP | OLETOOLS_AUTOEXEC";
 message = "Rejected (malicious macro)";
 policy = "leave";
 score = 20.0;
diff --git a/tests/compose/filters/03_email_macro.sh b/tests/compose/filters/03_email_macro.sh
index 8ecad31d..484fd5ff 100755
--- a/tests/compose/filters/03_email_macro.sh
+++ b/tests/compose/filters/03_email_macro.sh
@@ -4,6 +4,7 @@ python3 tests/email_test.py message-macro-stomp "tests/compose/filters/2003x32_w
 if [ $? -ne 25 ]; then
 exit 1
 fi
+# This does Auto_Open + Alert()
 python3 tests/email_test.py message-autoexec-macro "tests/compose/filters/excel4_sample_macro.slk"
 if [ $? -ne 25 ]; then
 exit 1
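Review bot: With `OLETOOLS_AUTOEXEC` OR-ed into the `OLETOOLS_MACRO_SUSPICIOUS` expression, an attachment whose macro merely auto-runs on open now gets the `score = 20.0` composite and the same "Rejected (malicious macro)" message as stomped or suspicious VBA. Auto-run triggers presumably also occur in legitimate macro-enabled documents, so operators should expect false positives, and the shared message makes the reason for a rejection hard to tell apart in logs and bounce reports. Consider a separate composite for the auto-exec case with its own message, or at least record the policy decision above the expression, e.g. `# Policy: any auto-executing macro is rejected, even when oletools flags nothing else as suspicious`. The OLETOOLS_MACRO_SUSPICIOUS block closes outside the hunk.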