discover if ,doc attached file contain macro
i'd like to know if is possible analyzer doc file attached to an email and discover if it contain macro and if has it put the message in quarantine
this function absolutely necessary for an UTM !
Chris Foster commented
Macro virus's only seem to be getting more prolific and the detection rate for them currently is abysmal. Legitimate uses of office documents which contain macros are rare for most of our clients however .doc and .xls files are still often used.
Quarantining any attachment containing macros will greatly reduce the amount of malware getting through the firewall with minimal impact on our users.
Please add this detection feature.
I would like to have this feature on the endpoint protection
Agree with previous commenters... Why can we not block macro attachments on a UTM (SG 330)
Steve Wynne-Jones commented
Yes would definitely be a good feature. I understand Puremessage can do this, so why not the UTM?
With the recent multi-part Dridex campaigns that have been active recently, where an office file (either word doc or excel spreadsheet) or a PDF file arrives via email and this then tries to download the secondary malware payload, I believe this should be implemented. The 2nd stage .exe download can easily be defended against by blocking executables at the web filter, however the 1st stage malware is very difficult to block. It's not feasible to block all .doc or .xls files as this will hinder legitimate email use, however blocking all .doc or .xls files that contains macros will be more useful and will protect against this attack.