[Mimedefang] Scanning for objects embedded within M$ Office attachments
si at yacc.co.uk
si at yacc.co.uk
Sun Jun 6 16:28:37 EDT 2010
Hi Chaps,
Some sales types recently ran 'ClearSwift Threat Assessment' against our Mimedefang based anti-spam system (by invitation :), in an attempt to convince 'the suits' that they should buy MIMESweeper.
Most of what was found was pretty benign ... seems messages containing Albanian Obscenities get through :)
One thing really got the suits attention though, and that was stuff like this:
-----------------------
This particular test includes;
-A sample executable, which could represent malware or unlicensed software
-In a Trojan embedded in Word document saved as RTF format
-Included as Troj_EmbedWord.rtf
-----------------------
Similar reports for Excel and PowerPoint too.
My first reaction was that it was simpler to let host-based Anti-Virus deal with this threat, but then got to thinking about all the other possibilities. I can kinda argue it both ways now.
Has anyone looked into this sort of thing in any depth, maybe using Perl Libraries such as File::MSWord, or calling out to Open Office, etc, or even just in a position to offer sagely advice on the subject?
Many thanks
Mup.
More information about the MIMEDefang
mailing list