Jump to content


Blocking .doc/.docx with Macros?

macros doc docx vba

  • Please log in to reply
140 replies to this topic

#141 Jaybone

  • Members
  • 125 posts

Posted 29 May 2019 - 09:54 AM

so i noticed today i am still receiving malicious email with MIME_DOC_AUTOOPEN rule hits even though i have macros "blocked"


i've been asking for several years and thought i'd ask again.


how can we block/quarantine email that triggers the MIME_DOC_AUTOOPEN rule?


this one made it through to me today and thankfully my endpoint security stopped it but why can't i stop it at the barracuda?


X-Barracuda-Spam-Report: Code version 3.2, rules version
    Rule breakdown below
     pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.00 BSF_SA_CLSFR_TRK1 Custom Rule BSF_SA_CLSFR_TRK1


my endpoint security caught it as VHO:Trojan.MSOffice.SAgent.gen


I just came here to look for anything about this.

Ideally, we'd be able to make the "Custom Rule MIME_DOC_AUTOOPEN" rule trigger a hard block, not just add to the score.