self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Code Issues Releases Activity

Block VBA Stomping too

Browse Source
This commit is contained in:
Florent Daigniere 2022-11-23 18:56:16 +01:00
parent 3e45a791cf
commit 7e1ab7978e
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/rspamd/conf/composites.conf
View File

@ -5,7 +5,7 @@ OLETOOLS_MACRO_MRAPTOR {
score = 20.0;
}
OLETOOLS_MACRO_SUSPICIOUS {
expression = "OLETOOLS & OLETOOLS_SUSPICIOUS";
expression = "OLETOOLS_SUSPICIOUS | OLETOOLS_VBASTOMP";
message = "Rejected (malicious macro)";
policy = "leave";
score = 20.0;

1
core/rspamd/conf/external_services.conf
View File

@ -13,6 +13,7 @@ oletools {
OLETOOLS_MACRO = '^.....M..$';
OLETOOLS_AUTOEXEC = '^A....M..$';
OLETOOLS_SUSPICIOUS = '^.....MS.$';
OLETOOLS_VBASTOMP = '^.....M.V$';
# see https://github.com/decalage2/oletools/blob/master/oletools/mraptor.py
OLETOOLS_A = '(?i)\b(?:Auto(?:Exec|_?Open|_?Close|Exit|New)|Document(?:_?Open|_Close|_?BeforeClose|Change|_New)|NewDocument|Workbook(?:_Open|_Activate|_Close|_BeforeClose)|\w+_(?:Painted|Painting|GotFocus|LostFocus|MouseHover|Layout|Click|Change|Resize|BeforeNavigate2|BeforeScriptExecute|DocumentComplete|DownloadBegin|DownloadComplete|FileDownload|NavigateComplete2|NavigateError|ProgressChange|PropertyChange|SetSecureLockIcon|StatusTextChange|TitleChange|MouseMove|MouseEnter|MouseLeave|OnConnecting))|Auto_Ope\b';
OLETOOLS_W = '(?i)\b(?:FileCopy|CopyFile|Kill|CreateTextFile|VirtualAlloc|RtlMoveMemory|URLDownloadToFileA?|AltStartupPath|WriteProcessMemory|ADODB\.Stream|WriteText|SaveToFile|SaveAs|SaveAsRTF|FileSaveAs|MkDir|RmDir|SaveSetting|SetAttr)\b|(?:\bOpen\b[^\n]+\b(?:Write|Append|Binary|Output|Random)\b)';