Re: Difficulty getting OLEVBMacro rules to work

["Kevin A. McGrail" <km...@apache.org>]

The ruleset KAM.cf at mcgrail.com has rules for this plugin too.

On Sat, Oct 31, 2020, 13:08 Jason Wong <wo...@yahoo.com> wrote:

> Thank you RW, that was it.
>
> Although, I don't understand why those rules aren't defined by default -
> the manpage suggests using ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
> for the rules, and the plugin isn't loaded by default, so why not have
> those rules all the time with ifplugin?
>
> Anyway, one other thing I noticed (unless I'm missing something again), is
> that some of the default macro extensions are incorrect:
>
> olemacro_exts (default:
> (?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$)
>         Set the case-insensitive regexp used to configure the extensions
> the  plugin targets for macro scanning
>
> olemacro_macro_exts (default:
> (?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|xps)$)
>         Set the case-insensitive regexp used to configure the extensions
> the plugin treats as containing a macro
>
> olemacro_skip_exts (default: (?:dotx|potx|ppsx|pptx|sldx|xltx)$)
>        Set the case-insensitive regexp used to configure extensions for
> the plugin to skip entirely, these should only be guaranteed macro free
> files
>
> The .docx, .xlsx, and .pptx files don't contain macros:
> https://en.wikipedia.org/wiki/List_of_Microsoft_Office_filename_extensions
>
> Of course, a spammer could rename a macro-containing word file as .docx,
> but I guess that's what the olemacro_extended_scan option to look for
> renamed files is for.
>
> Thanks again.
>
>
>
> On Friday, October 30, 2020, 7:05:49 PM EDT, RW <
> rwmaillists@googlemail.com> wrote:
>
>
>
> You didn't mention creating the rules. The tests have their own
> definitions.
>
> see perldoc Mail::SpamAssassin::Plugin::OLEVBMacro
>
>