[Esd-l] Trapped poisoned Microsoft attachments?

Scott Taylor scott at skot.org
Sat Feb 15 08:22:37 PST 2003


At 09:02 PM 2/14/2003 -0800, John D. Hardin wrote:
>On Fri, 14 Feb 2003, Scott Taylor wrote:
>
> > >I've been using Sanitizer for awhile now but recently I've been getting a
> > >lot of bounces with the following reason:
> > >
> > >REPORT: Trapped poisoned Microsoft attachment
> > >REPORT: Macro Scanner score: 99
> > >STATUS: Message quarantined, not delivered to recipient.
> >
> > Macros inside Office documents make up the score.  You can set the
> > Max score to allow, it tells you how in John's Docs.
> >
> > If I were getting scores over 70 I would want to see what people
> > are putting in their macros and make sure it isn't going to create
> > or delete or modify any files.  AFAIK, auto-start macros give a
> > good high score.  Check out the documents with these scores, it
> > may not be something that shows up on your virus scanner, yet.
>
>Actually, right now the cause is probably an embedded image or
>external file reference, for which the default score is 99.
>
>There's a config variable for setting the embedded image score, but if
>the default is too problematic I will dial it back to 20 or so.
>
>Comments?

Yeah, I think 99 is a little high for an embedded image, but a good number 
for an external file reference.

Scott.



More information about the esd-l mailing list