EFA to only block .doc macros?
Posted: 05 Oct 2016 20:04
Hello,
I use Barracuda for my organization and it keeps staff happy (changing spam filters isn't doable politically right now), but it can't filter out .doc macros, which are a problem as that's a pretty strong vector for ransomware. It looks like ClamAV has some ability to detect macros in .doc files and that spamassassin can push all attachments through ClamAV before sending.
My understanding is that I can set the spamassassin score to something very high like 50 so that no mail is ever marked as spam and ClamAV can also block .doc macros. Is this correct? If so, can someone point me towards the config files I'd need to change? Bonus if the tagged files can come to a specific inbox for IT to look at and to release to staff.
Thanks.