[Esd-l] macro scanning...

Agung Kuswanto NCS kagung at ncs.com.sg
Fri Oct 31 07:28:05 PST 2003

Thanks John

If I want to detect any macro, may I know what is the string to be checked?

Thanks & Best Regards
Agung K

-----Original Message-----
A suggestion: macro and VBA code is fairly easy to detect. Get a
document with macros or VBA and look at it with a binary editor.
You'll see the code is stored as "\000macro-command" so if you have a
list of macro commands you can detect them pretty easily. You may need
to do this if you want to detect any macro, vs. just dangerous ones.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  "It seems that some companies in the industry would rather use
  deception rather than try and work things out diplomatically,
			-- Blake Stowell, SCO PR director, on RedHat
   6 days until Matrix Revolutions

More information about the esd-l mailing list