Use several methods to search attached documents for evidence of an OLE Macro.
```
warden --task=antispam:plugin:olevbmacro
```

Option | Value | Default | Description |
---|---|---|---|
--olemacro_num_mime | <string> | 5 | The maximum number of matching MIME parts the plugin will scan. |
--olemacro_num_zip | <string> | 8 | The maximum number of matching zip members the plugin will scan. |
--olemacro_zip_depth | <string> | 2 | The maximum depth to recurse within zip files. |
--olemacro_extended_scan | <string> | 0 | Scan more files for potential macros; olemacro_skip_exts is still honored. This is off by default and should not be needed. If it is turned on, consider adjusting the values of olemacro_num_mime and olemacro_num_zip, and prepare for more CPU overhead. |
--olemacro_prefer_contentdisposition | <string> | 1 | Prefer the Content-Disposition header filename if ambiguity is encountered while trying to get the filename. |
--olemacro_max_file | <string> | 1024000 | The largest file that the plugin will decode from the MIME objects. |
--olemacro_exts | <string> | `(?:doc\|docx\|dot\|pot\|ppa\|pps\|ppt\|rtf\|sldm\|xl\|xla\|xls\|xlsx\|xlt\|xslb)$` | The extensions the plugin targets for macro scanning. |
--olemacro_macro_exts | <string> | `(?:docm\|dotm\|ppam\|potm\|ppst\|ppsm\|pptm\|sldm\|xlm\|xlam\|xlsb\|xlsm\|xltm\|xps)$` | The extensions the plugin treats as containing a macro. |
--olemacro_zips | <string> | `(?:zip)$` | The extensions for the plugin to target as zip files. |
--olemacro_skip_exts | <string> | `(?:dotx\|potx\|ppsx\|pptx\|sldx\|xltx)$` | The extensions for the plugin to skip entirely; these should only be guaranteed macro-free files. |
--olemacro_skip_ctypes | <string> | `^(?:text\/)` | The content types for the plugin to skip entirely; these should only be guaranteed macro-free. |
--default | <yes> | | Reset all settings to their default values. |
--default_option | <option> | | Reset a specific setting to its default value. |
--reload | <yes> | | Reload the service after saving settings. |

```
# set olemacro_num_mime
warden --task=antispam:plugin:olevbmacro --olemacro_num_mime=10 --reload=yes
# reset olemacro_num_mime to its default value
warden --task=antispam:plugin:olevbmacro --default_option=olemacro_num_mime --reload=yes
# reset all settings to their default values
warden --task=antispam:plugin:olevbmacro --default=yes --reload=yes
```
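
To check which attachment names fall under which default pattern, and how olemacro_num_zip and olemacro_zip_depth bound a nested archive, the following added example (not Warden or plugin code) applies the defaults from the table to a constructed zip. The pattern precedence, lower-casing of names, counting the outer zip as depth 1, and counting only non-skipped matches against the member limit are assumptions.

```python
import io
import re
import zipfile

# Default patterns and limits copied from the option table above.
EXTS = re.compile(r"(?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xslb)$")
MACRO_EXTS = re.compile(r"(?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xps)$")
ZIPS = re.compile(r"(?:zip)$")
SKIP_EXTS = re.compile(r"(?:dotx|potx|ppsx|pptx|sldx|xltx)$")
NUM_ZIP, ZIP_DEPTH = 8, 2

def classify(name):
    """Return skip/macro/zip/scan/ignore for a filename (precedence is assumed)."""
    name = name.lower()  # assumption: names are compared case-insensitively
    for kind, pat in (("skip", SKIP_EXTS), ("macro", MACRO_EXTS), ("zip", ZIPS), ("scan", EXTS)):
        if pat.search(name):  # patterns anchor only at the end, no leading dot needed
            return kind
    return "ignore"

def walk_zip(data, depth=1, budget=None, prefix=""):
    """List (path, class) for zip members inside the depth and member limits."""
    budget = [NUM_ZIP] if budget is None else budget  # shared across nested zips
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            kind = classify(info.filename)
            if kind in ("ignore", "skip") or budget[0] == 0:
                continue
            budget[0] -= 1
            path = prefix + info.filename
            if kind != "zip":
                found.append((path, kind))
            elif depth < ZIP_DEPTH:
                found += walk_zip(zf.read(info), depth + 1, budget, path + "!")
            else:
                found.append((path, "too-deep"))  # nested beyond olemacro_zip_depth
    return found

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: outer zip -> inner1.zip -> inner2.zip (three levels deep).
INNER1 = make_zip({"a.xlsm": b"x", "inner2.zip": make_zip({"deep.docm": b"x"})})
SAMPLE = make_zip({"readme.txt": b"x", "slides.pptx": b"x", "report.doc": b"x", "inner1.zip": INNER1})

if __name__ == "__main__":
    print(walk_zip(SAMPLE))
```

Members reported as `too-deep` or left out once the member limit is reached are the ones that the configured limits would leave unscanned under these assumptions.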