[Esd-l] ms word macro virus block?
John D. Hardin
jhardin at impsec.org
Fri Mar 7 20:33:56 PST 2003
On Fri, 7 Mar 2003, Bob Pietruszka wrote:
> we had our first virus breach of the "procmail gateway". It came
> in a word document prepared by a faculty member and was identified
> by NAV as the W97M.Marker.O macro virus. My question is whether
> there is any way in the sanitizer to block macro viruses such as
> this one??
Yes, there is. Do you have macro scanning enabled? See the
documentation page on the website.
It may or may not be detected depending on the actual macro code.
Would you be willing to zip the document and send it to me? I may be
able to pull some new "suspicious strings" out of it...
> I am using version 1.126 of the sanitizer with Sendmail. Any
> suggestions would be most appreciated.
You may want to upgrade. The current version is 1.138
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...voice or no voice, the people can always be brought to the bidding
of the leaders. That is easy. All you have to do is tell them they
are being attacked and denounce the pacifists for lack of patriotism
and exposing the country to danger. It works the same way in any
country.
-- Hermann Goering
-----------------------------------------------------------------------
76 days until The Matrix Reloaded
More information about the esd-l
mailing list