OLEMacro

This plugin is considered experimental and is not installed by default. It is recommended only for experienced users who know what is involved in properly maintaining it. Use it at your own risk.

Install

RHEL / Centos:

wget https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm -P /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/
chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm

Debian / Ubuntu:

wget https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm -P /usr/share/perl5/Mail/SpamAssassin/Plugin/
chmod 644 /usr/share/perl5/Mail/SpamAssassin/Plugin/OLEMacro.pm

Then log in to Plesk, go to Warden Anti-spam and Virus Protection -> Settings -> Plugin Settings to enable the plugin, and restart the Anti-spam service. When the plugin is enabled, Warden installs its default rules to /etc/mail/spamassassin/OLEMacro.cf.

About

OLEMacro is a plugin that searches attached documents for evidence that they contain an OLE macro. Several detection methods are in use; see the code comments for references.

Tests

| Area | Test name | Description | Default score |
|------|-----------|-------------|---------------|
| body | OLEMACRO | Attachment has an Office Macro | 0.1 |
| body | OLEMACRO_MALICE | Potentially malicious Office Macro | 7.0 |
| body | OLEMACRO_RENAME | Has an Office doc that has been renamed | 4.0 |
| body | OLEMACRO_ZIP_PW | Has an Office doc that is password protected in a zip | 5.0 |
| body | OLEMACRO_ENCRYPTED | Has an Office doc that is encrypted | 6.0 |
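
To make the rules listed above concrete, the following added example (not the plugin's code, and not from this page) shows the kind of file-level evidence each rule description points at. The heuristics, the function names `classify`, `make_zip` and `utf16`, and the sample attachments are assumptions constructed for illustration; OLEMACRO_MALICE is not modelled.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file signature
OFFICE_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".ppt", ".pptm", ".pptx")

def utf16(s):
    return s.encode("utf-16-le")  # OLE directory entries store names as UTF-16LE

def classify(filename, data):
    """Return the rule names that these simplified, assumed heuristics would hit."""
    hits = set()
    named_office = filename.lower().endswith(OFFICE_EXTS)
    office_content = macro = False
    if data.startswith(OLE_MAGIC):
        office_content = True
        macro = utf16("_VBA_PROJECT") in data  # VBA project stream name
        if utf16("EncryptedPackage") in data:  # stream used by encrypted OOXML
            hits.add("OLEMACRO_ENCRYPTED")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
        names = [e.filename for e in entries]
        office_content = "[Content_Types].xml" in names  # OOXML package marker
        macro = any(n.lower().endswith("vbaproject.bin") for n in names)
        # Bit 0 of the general-purpose flags marks an encrypted zip member
        if any(e.flag_bits & 0x1 and e.filename.lower().endswith(OFFICE_EXTS) for e in entries):
            hits.add("OLEMACRO_ZIP_PW")
    if macro:
        hits.add("OLEMACRO")
    if office_content and not named_office:
        hits.add("OLEMACRO_RENAME")  # Office content behind a non-Office name
    return hits

def make_zip(members):
    """Build a zip in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples: a macro-enabled OOXML package and a legacy OLE file
    docm = make_zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"\x00"})
    legacy = OLE_MAGIC + b"\x00" * 504 + utf16("_VBA_PROJECT")
    for name, data in [("invoice.docm", docm), ("invoice.pdf", legacy), ("notes.txt", b"hello")]:
        print(name, sorted(classify(name, data)))
```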
