Closed DavidePrincipi closed 3 years ago
in 7.8.2003/testing
VERIFIED
Public SMTP service rejects:
Nov 4 12:21:42 host rspamd[7237]: <4c5806>; lua; common.lua:107: oletools: result - office macrofound: "MA------ - score: 1"
Nov 4 12:21:42 host rspamd[7237]: <4c5806>; lua; common.lua:107: oletools: result - office macrofound: "AutoOpen - score: 1"
Nov 4 12:21:42 host rspamd[7237]: <4c5806>; proxy; rspamd_add_passthrough_result: <86181b64d152a9bffe719f375e5e0e72@host.it>: set pre-result to 'reject' (no score): 'Rejected suspicious office document macro' from oletools(1)
Authenticated SMTP session accepts the same message instead.
Just for the record, to flush the oletools verdicts cache, run the following command:
redis-cli -s /var/run/redis-rspamd/rspamd --raw KEYS 'rs_oletools_*' | xargs -r -- redis-cli -s /var/run/redis-rspamd/rspamd DEL
To check how many seconds remain before a cache entry is expunged from the cache (first match only):
redis-cli -s /var/run/redis-rspamd/rspamd --raw KEYS 'rs_oletools_*' | xargs -r -L 1 -- redis-cli -s /var/run/redis-rspamd/rspamd TTL
in 7.8.2003/updates
Some kind of Office files with bad macros are not blocked by Olefy 0.56
Steps to reproduce
I cannot attach original messages, but the spam folder might contain some good examples. As an alternative, run the procedure at https://www.heise.de/security/dienste/emailcheck/attachments/test_doc_macro/ to receive one.
Expected behavior
Actual behavior
Components
nethserver-mail-filter-2.18.0-1.ns7.noarch