[Rspamd-Users] Another question regarding oletools
Thomas Plant
thomas at plant.systems
Tue Jul 9 10:03:03 UTC 2019
Hi,
I have another question about oletools. I do not get any score when
oletools discovers something bad in an office document. Shouldn't it
assign a score > 1 for the example below? In the rspamd symbols I see
the following:
OLETOOLS(0.00){AutoExec + Suspicious (Workbook_Open,Shell,Chr);}
And in local.d/external_services_group.conf I have:
symbols = {
"OLETOOLS" {
weight = 1.1;
description = "OLETOOLS found a Macro";
}
}
What am I getting wrong?
Greetings,
Thomas
More information about the Users
mailing list