OLEMacro is a plugin that searches attached documents for evidence that they contain an OLE Macro. Several detection methods are in use; see the code comments for references.
Area | Test name | Description | Default scores |
---|---|---|---|
body | OLEMACRO | Attachment has an Office Macro | 0.1 |
body | OLEMACRO_MALICE | Potentially malicious Office Macro | 7.0 |
body | OLEMACRO_RENAME | Has an Office doc that has been renamed | 4.0 |
body | OLEMACRO_ZIP_PW | Has an Office doc that is password protected in a zip | 5.0 |
body | OLEMACRO_ENCRYPTED | Has an Office doc that is encrypted | 6.0 |