Jump to content


Photo

Blocking .doc/.docx with Macros?

macros doc docx vba

  • Please log in to reply
140 replies to this topic

#141 Jaybone

Jaybone
  • Members
  • 116 posts

Posted 29 May 2019 - 09:54 AM

so i noticed today i am still receiving malicious email with MIME_DOC_AUTOOPEN rule hits even though i have macros "blocked"

 

i've been asking for several years and thought i'd ask again.

 

how can we block/quarantine email that triggers the MIME_DOC_AUTOOPEN rule?

 

this one made it through to me today and thankfully my endpoint security stopped it but why can't i stop it at the barracuda?

 

X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.71877
    Rule breakdown below
     pts rule name description
    ---- ---------------------- --------------------------------------------------
    2.50 MIME_DOC_AUTOOPEN Custom Rule MIME_DOC_AUTOOPEN
    0.00 BSF_SA_CLSFR_TRK1 Custom Rule BSF_SA_CLSFR_TRK1

 

my endpoint security caught it as VHO:Trojan.MSOffice.SAgent.gen

 

I just came here to look for anything about this.

Ideally, we'd be able to make the "Custom Rule MIME_DOC_AUTOOPEN" rule trigger a hard block, not just add to the score.