Posted to users@spamassassin.apache.org by "Kevin A. McGrail" <km...@apache.org> on 2022/05/01 04:30:51 UTC

Re: Microsoft to block Office VBA macros by default

Hi All,

From my perspective, these macro-enabled files need to be blocked and 
enabling the OLEVBMacro plugin and using the KAM ruleset will help in 
that goal.

NOTE: Microsoft says these macros need to be vetted every time they 
leave your control.  The recent change from Microsoft to disable also 
goes back to 2013, not just o365.  Here's a better article: 
https://arstechnica.com/gadgets/2022/02/microsoft-will-block-downloaded-macros-in-office-versions-going-back-to-2013/

Finally, in my stack, "We work to score Office documents with macros so 
they are considered spam due to the risk in receiving them." and have 
done so for years.

Regards,

KAM

On 3/15/2022 3:42 PM, Greg Troxel wrote:
> Alex <my...@gmail.com> writes:
>
>> I'm just curious if this announcement has changed anyone's thinking
>> about how we should be handling docx/xlsx/etc attachments in email?
>> This obviously doesn't prevent someone from emailing a document with a
>> malicious macro, but is this going to provide sufficient protection
>> once a potentially malicious document is received to relax email
>> protections a bit?
>>
>> https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change
>>
>> Are you outright blocking these attachments? Perhaps you're only
>> blocking those with macros?
>>
>> Is the ExtractText plugin good enough to extract potentially malicious
>> links to be checked?
> Can you explain your thinking on the causal link and timeline from an
> announcement to 99.999% of actual Windows systems having updated code
> that behaves this way?
>
> The article says
>
>    "The change will apply to Office files that are downloaded from the
>    internet and include macros"
>
> which implies that other files - which may or may not have arrived in
> mail - might be treated differently.
>
> It talks about Office 365.   It doesn't say anything about old,
> unmaintained copies of Office on XP.
>
>
> I don't see any reason it makes sense to lighten up on protections.

-- 
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171