Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 4 subscribers
  • Views 4228 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protecting from MS Office macros

AxelWeidner

Hello everybody,

quite a lot of the ransomware incidents occurring have begun with some person receiving a legitimate-looking email which had an MS Office document as it's attachment. The document contained some macro code which started to execute upon opening the document and maybe allowing macro code execution. And fate began ....

What we Need to do fro a couple of our customers is to provide configuration within their UTM9 Systems to block MS Office files which contain macros and move them to quarantine. This must work safely and must not miss any macros.

Has anybody of you been doing this before? I've been looking for configuration Options in order to get this accomplished but I've found nothing.

Seems incredible to me and I just can't belive there is really no way to esablish thsi Kind of mail security with a Universal Threat Management System like Sophos/Astaro UTM9.


Kind regards,

Axel



This thread was automatically locked due to age.
Parents
  • +1

    Just add the types to the MIME-Type filter under the malware section in Email protection:

    I'll append my list. As you can see it contains mostly macro enabled office documents and some executables.

    application/vnd.ms-word.document.macroEnabled.12
    application/vnd.ms-word.template.macroEnabled.12
    application/vnd.ms-excel.sheet.macroEnabled.12
    application/vnd.ms-excel.template.macroEnabled.12
    application/vnd.ms-excel.addin.macroEnabled.12
    application/vnd.ms-excel.sheet.binary.macroEnabled.12
    application/vnd.ms-powerpoint.addin.macroEnabled.12
    application/vnd.ms-powerpoint.presentation.macroEnabled.12
    application/vnd.ms-powerpoint.template.macroEnabled.12
    application/vnd.ms-powerpoint.slideshow.macroEnabled.12
    application/vnd.ms-powerpoint.slide.macroEnabled.12
    application/javascript
    application/json
    text/javascript
    application/exe
    application/x-exe
    application/dos-exe
    vms/exe
    application/x-winexe
    application/msdos-windows
    application/x-msdos-program
    application/x-msdownload
    application/rtf

     

    Best regards

    Alex

     

    P.S. It's working and it's possible with UTM.

    -

Reply
  • +1

    Just add the types to the MIME-Type filter under the malware section in Email protection:

    I'll append my list. As you can see it contains mostly macro enabled office documents and some executables.

    application/vnd.ms-word.document.macroEnabled.12
    application/vnd.ms-word.template.macroEnabled.12
    application/vnd.ms-excel.sheet.macroEnabled.12
    application/vnd.ms-excel.template.macroEnabled.12
    application/vnd.ms-excel.addin.macroEnabled.12
    application/vnd.ms-excel.sheet.binary.macroEnabled.12
    application/vnd.ms-powerpoint.addin.macroEnabled.12
    application/vnd.ms-powerpoint.presentation.macroEnabled.12
    application/vnd.ms-powerpoint.template.macroEnabled.12
    application/vnd.ms-powerpoint.slideshow.macroEnabled.12
    application/vnd.ms-powerpoint.slide.macroEnabled.12
    application/javascript
    application/json
    text/javascript
    application/exe
    application/x-exe
    application/dos-exe
    vms/exe
    application/x-winexe
    application/msdos-windows
    application/x-msdos-program
    application/x-msdownload
    application/rtf

     

    Best regards

    Alex

     

    P.S. It's working and it's possible with UTM.

    -

Children
No Data
Unfiltered HTML