[Esd-l] Scanning for macros
John D. Hardin
jhardin at impsec.org
Thu Sep 20 06:20:01 PDT 2001
On Thu, 20 Sep 2001, Paul Thomas wrote:
> It is my understanding from the one paragraph on impsec regarding
> the scanning off macros, that the sanitizer does this by default
> unless disabled. Well I have not disabled scanning but I keep
> getting the following:
>
> REPORT: Not a document, or already poisoned by filename. Not scanned for
> macros
This means that you have a filename rule that is poisoning it by
filename before it even decides it's eligible for scanning.
> Just what is the behavior of the macro scanning function anyway?
It looks for suspicious things in VBA macros, like messing about in
the registry, changing the application security settings, etc.
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at impsec.org pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
In 1998 more than three times as many people in the US were killed
by incompetent physicians than were killed by handguns, yet the
President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
1139 days until the Presidential Election
More information about the esd-l
mailing list