dimitri said "block it"

So let's block any macro with AUTOEXEC
main
Florent Daigniere 2 years ago
parent 3bdc57adbc
commit 709023ab5a

@ -5,7 +5,7 @@ OLETOOLS_MACRO_MRAPTOR {
score = 20.0; score = 20.0;
} }
OLETOOLS_MACRO_SUSPICIOUS { OLETOOLS_MACRO_SUSPICIOUS {
expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP"; expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP | OLETOOLS_AUTOEXEC";
message = "Rejected (malicious macro)"; message = "Rejected (malicious macro)";
policy = "leave"; policy = "leave";
score = 20.0; score = 20.0;

@ -4,6 +4,7 @@ python3 tests/email_test.py message-macro-stomp "tests/compose/filters/2003x32_w
if [ $? -ne 25 ]; then if [ $? -ne 25 ]; then
exit 1 exit 1
fi fi
# This does Auto_Open + Alert()
python3 tests/email_test.py message-autoexec-macro "tests/compose/filters/excel4_sample_macro.slk" python3 tests/email_test.py message-autoexec-macro "tests/compose/filters/excel4_sample_macro.slk"
if [ $? -ne 25 ]; then if [ $? -ne 25 ]; then
exit 1 exit 1

Loading…
Cancel
Save