OLE2Macro Didn't Catch E-mail

murphyk
Posts: 16
Joined: 19 Feb 2015 19:21


Can you ask in the forum about the missed macros – tell them that we use this rule
body MICROSOFT_OLE2MACRO eval:check_microsoft_ole2macro()
and it failed to find the documents that had macros.

The only difference I can see is that the messages were encoded in base64 but did not observe line width.

Also ask about KAM.cf
It has a reference to a rule that expects the plugin KAMOnly
That plugin is not installed nor can I find it. There is a rule that might work if the plugin existed.

We have this in /etc/mail/spamassassin/local.cf

body MICROSOFT_OLE2MACRO eval:check_microsoft_ole2macro()
describe MICROSOFT_OLE2MACRO Has an attachment that contains an OLE2 Macro
score MICROSOFT_OLE2MACRO 20

It failed to find a document that clearly had macros. The only difference we can see from other OLE detected e-mails and this one is the message was encoded in base64, but did not observe the line width.

Also, KAM.CF has a reference to a plugin that doesn't exist in the EFA installation. We think there is a rule in here that may have caught the troublesome e-mail.

#CHANGED TO KAMOnly
ifplugin Mail::SpamAssassin::Plugin::KAMOnly
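
An added diagnostic for the line-width observation in the post above (not part of the original post and not SpamAssassin code): for each base64 attachment in a saved message it reports the widest encoded line against the 76-character limit of RFC 2045 and whether the decoded bytes begin with the OLE2 signature. The sample message, addresses and file name are constructed for illustration.

```python
import base64
from email import message_from_bytes

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
RFC2045_MAX = 76                                # max encoded line length

def audit_attachments(raw: bytes):
    """Return one finding per base64-encoded MIME part in a raw message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        encoded = part.get_payload()              # text exactly as sent
        widest = max((len(l) for l in encoded.splitlines()), default=0)
        data = part.get_payload(decode=True) or b""  # decoded, any line width
        findings.append({
            "filename": part.get_filename(),
            "widest_line": widest,
            "over_rfc2045_limit": widest > RFC2045_MAX,
            "is_ole2": data.startswith(OLE2_MAGIC),
        })
    return findings

def build_sample(width: int) -> bytes:
    """Constructed message: OLE2 header bytes, base64 wrapped at `width`."""
    blob = base64.b64encode(OLE2_MAGIC + b"\x00" * 504).decode()
    body = "\n".join(blob[i:i + width] for i in range(0, len(blob), width))
    return (
        "From: sender@example.test\nTo: rcpt@example.test\n"
        "Subject: constructed sample\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nsee attached\n"
        '--b1\nContent-Type: application/msword; name="sample.doc"\n'
        'Content-Disposition: attachment; filename="sample.doc"\n'
        "Content-Transfer-Encoding: base64\n\n"
        f"{body}\n--b1--\n"
    ).encode()

if __name__ == "__main__":
    for width in (76, 1000):   # standard wrapping vs. one unwrapped line
        print(width, audit_attachments(build_sample(width)))
```

An attachment that shows `is_ole2` as true with `over_rfc2045_limit` also true matches the condition described in the post and is worth attaching to the bug report.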