MacroMilter
This Python-based milter (mail filter) checks incoming mail for suspicious VBA macro code in MS Office 20xx attachments (doc, xls, ppt ...).
Not sure if this is feasible just yet. Still looking for some kind of decompiler and tools like oletools for MS Office files, but these two filetypes might profit from...
I managed to install MacroMilter as a service under Debian. Also added the milter using `postconf -e smtpd_milters=inet:127.0.0.1:3690 milter_default_action=accept`. It seems to work but I sometimes get an error in...
I think it would be helpful to introduce a new configuration option to allow suspicious macros depending on recipient, so that special destination e-mail addresses/mailboxes still can receive e-mails with...
Development of a SELinux policy for inclusion into `selinux-policy-targeted` of Fedora (and thus in the very last end also for RHEL/CentOS). Such a policy should cover both, unix sockets and...
2018-06-06 09:40:38,733 - DEBUG: [197] Content-Type: 'multipart/mixed'
2018-06-06 09:40:38,733 - DEBUG: [197] Content-Type: 'multipart/alternative'
2018-06-06 09:40:38,734 - DEBUG: [197] Content-Type: 'text/plain'
2018-06-06 09:40:38,734 - DEBUG: [197] Analyzing attachment: None
2018-06-06...
This implementation is definitely not final, more a proof of concept. While coding I discovered issues #37 and #38.
PDF is the newest attack vector in Qakbot campaigns. The format itself is portable and used widely. There can be JS inside, exploits of the reader itself or social engineering...