Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
0
Helpful
0
Replies

Is there a way to block embedded links in office documents?

it-operation
Level 1
Level 1

‎10-31-2016 07:16 AM

Is there a way to block embedded links in Worddocuments?

Reason is the embedding of malware in word documents in this On Dridex and a new "Zero-Day-Distribution" method link.

So far, we created a filter which detects the content oleObject#.bin in Office files, but we only had false positives so far (embedded msg, ...):

AttachmentFilterBinInOfficeAttachment:
if (attachment-filename == "(?i)\\.(doc|dot|docx|dotx|dotm|docm|rtf|xls|xlsx|xlt|xla|xltx|xlsm|xltm|xlam|xlsb|ppt|pot|pps|ppa|pptx|potx|ppsx|ppam|pptm|potm|ppsm)$") AND
    (attachment-binary-contains("(?i)/embeddings/oleObject[0-9]+.bin"))
        {
            log-entry("MATCHED FILTER ATTACHMENT $MatchedContent");
        }

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents