Password Protected, Virus Infected, Word Documents

password doc attachment virus


#1 Brent Strignano

Brent Strignano
  • Members
  • 2 posts

Posted 28 January 2020 - 04:32 PM

Hello,

 

We are seeing a large increase in password-protected .DOC file attachments containing macro viruses making it through CPL, ATP, and ESG.

All of them contain the password to open the attachment in the body of the email "for security reasons".

Is there any way to detect and block (or at least quarantine) these emails?

We already quarantine password protected archives, but these are making it through.

 

Thanks,

Brent



#2 Michael Manning

Michael Manning
  • Members
  • 270 posts

Posted 29 January 2020 - 11:06 AM

Since the earlier .doc and .xls are considered riskier than the current MS docx and xlsx file types and are known to be used to propagate malware, maybe try filtering those file types under attachment filename filters?

Or, since macros are typically the security threat associated with early MS file types and current macro-enabled files (.docm, .xlsm, etc.), perhaps set the option Block Macros under the attachment file type section.



#3 opjose

opjose
  • Members
  • 261 posts

Posted 13 February 2020 - 01:44 PM

Blocking both the file types and turning on the macro settings for all files potentially containing macros is a good idea.

 

Don't forget to block template files as well, as they can introduce scripting changes that intercept users' "clicks" on normal menu items to launch malware.

 

The best approach is to block all attachments excepting those that cannot contain viruses or malware.
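
The detection asked about in the first post, sketched as an added example (not written by any poster in this thread and not a feature of the product discussed): it parses a message with Python's standard library and flags attachments that are OLE2 files carrying an Office encryption marker, so they can be quarantined like password-protected archives. The function names and the sample message are constructed for illustration; Excel `.xls` encryption is not covered.

```python
import email, struct
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # OLE2 compound file signature
ENC_OOXML = "EncryptedPackage".encode("utf-16-le")   # stream name in encrypted OOXML
FIB_IDENT, FIB_ENCRYPTED = 0xA5EC, 0x0100            # Word FIB wIdent, fEncrypted bit

def is_encrypted_office(data):
    """Heuristic: True for an OLE2 file with a Word or OOXML encryption marker."""
    if len(data) < 512 or not data.startswith(OLE_MAGIC):
        return False
    if ENC_OOXML in data:                  # password-protected docx/xlsx are OLE2-wrapped
        return True
    shift = struct.unpack_from("<H", data, 30)[0]
    if shift not in (9, 12):               # only 512- and 4096-byte sectors are valid
        return False
    sector = 1 << shift
    # A regular stream starts on a sector boundary; the WordDocument stream
    # opens with the FIB, whose flags word sits at offset 0x0A.
    for off in range(sector, len(data) - 11, sector):
        ident, flags = struct.unpack_from("<H8xH", data, off)
        if ident == FIB_IDENT and flags & FIB_ENCRYPTED:
            return True
    return False

def flag_message(raw):
    """Return filenames of attachments that look like password-protected Office files."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if is_encrypted_office(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def sample_message(encrypted):
    """Constructed sample: minimal OLE2 header plus one sector holding a Word FIB."""
    header = OLE_MAGIC + bytes(22) + struct.pack("<H", 9) + bytes(480)
    flags = FIB_ENCRYPTED if encrypted else 0
    fib = struct.pack("<H8xH", FIB_IDENT, flags) + bytes(500)
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content('The password is 1234 "for security reasons"')
    m.add_attachment(header + fib, maintype="application",
                     subtype="msword", filename="invoice.doc")
    return m.as_bytes()
```

Checking sector starts for the FIB is a triage shortcut that works from content rather than file extension; a full OLE2 parser would locate the WordDocument stream through the directory instead.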