OLE2Macro Didn't Catch E-mail
Posted: 29 Apr 2016 19:46
Can you ask in the forum about the missed macros – tell them that we use this rule
body MICROSOFT_OLE2MACRO eval:check_microsoft_ole2macro()
and it failed to find the documents that had macros.
The only difference I can see is that the messages were encoded in base64 but did not observe line width.
Also ask about KAM.cf
It has a reference to a rule that expects the plugin KAMOnly.
That plugin is not installed nor can I find it. There is a rule that might work if the plugin existed.
We have this in /etc/mail/spamassassin/local.cf
It failed to find a document that clearly had macros. The only difference we can see between other OLE-detected e-mails and this one is that the message was encoded in base64, but did not observe the line width.
Code:
body MICROSOFT_OLE2MACRO eval:check_microsoft_ole2macro()
describe MICROSOFT_OLE2MACRO Has an attachment that contains an OLE2 Macro
score MICROSOFT_OLE2MACRO 20
Also, KAM.CF has a reference to a plugin that doesn't exist in the EFA installation. We think there is a rule in here that may have caught the troublesome e-mail.
Code:
#CHANGED TO KAMOnly
ifplugin Mail::SpamAssassin::Plugin::KAMOnly
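
A way to test the line-width hypothesis from the post offline, as an added example (not part of the original post and not the SpamAssassin plugin's code): it decodes each attachment however the base64 is wrapped, then checks for the OLE2 file signature and, as a heuristic assumed here, the UTF-16LE directory name _VBA_PROJECT. The sample message, the function names and the marker check are constructed for illustration.

```python
import base64
import email
from email import policy

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound-file signature
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # assumed heuristic, not the plugin's test


def build_sample(wrap):
    """Constructed message: fake OLE2 payload, base64 wrapped at `wrap` columns (0 = one line)."""
    payload = OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER + b"\x00" * 64
    b64 = base64.b64encode(payload).decode("ascii")
    if wrap:
        b64 = "\r\n".join(b64[i:i + wrap] for i in range(0, len(b64), wrap))
    return (
        "From: a@example.test\r\nTo: b@example.test\r\nSubject: constructed\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
        "--BOUND\r\nContent-Type: text/plain\r\n\r\nbody\r\n"
        "--BOUND\r\nContent-Type: application/msword\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="sample.doc"\r\n\r\n'
        + b64 + "\r\n--BOUND--\r\n"
    ).encode("ascii")


def triage(raw):
    """Return one dict per attachment: longest encoded line, OLE2 signature, VBA marker."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        encoded = part.get_payload(decode=False)      # base64 text exactly as sent
        data = part.get_payload(decode=True) or b""   # decoded attachment bytes
        results.append({
            "filename": part.get_filename(),
            "max_b64_line": max((len(line) for line in encoded.splitlines()), default=0),
            "is_ole2": data.startswith(OLE2_MAGIC),
            "has_vba_marker": VBA_MARKER in data,
        })
    return results


if __name__ == "__main__":
    for wrap in (76, 0):   # standard 76-column wrapping vs. a single unwrapped line
        print(wrap, triage(build_sample(wrap)))
```

If a missed message shows is_ole2 true together with an unusual max_b64_line, the attachment itself decodes cleanly and the gap is in how the scanner read it.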