[Esd-l] Trapped poisoned Microsoft attachments?
Scott Taylor
scott at dctchambers.com
Fri Feb 14 16:29:16 PST 2003
At 03:23 PM 2/14/03, Henry Kwan wrote:
>Hi.
>
>I've been using Sanitizer for awhile now but recently I've been getting a
>lot of bounces with the following reason:
>
>REPORT: Trapped poisoned Microsoft attachment
>REPORT: Macro Scanner score: 99
>STATUS: Message quarantined, not delivered to recipient.
>
>These tend to be either Word or PowerPoint files. What is keying
>Sanitizer to bounce some DOC/PPT files but not others? They all scan
>clean with the latest version of Norton. Can I tweak something so that
>Sanitizer isn't as sensitive to DOC/PPT files? Usually I advise people
>to zip the files but some folks don't like/know-how to zip their
>attachments.
Macros inside Office documents make up the score. You can set the Max
score to allow, it tells you how in John's Docs.
If I were getting scores over 70 I would want to see what people are
putting in their macros and make sure it isn't going to create or delete or
modify any files. AFAIK, auto-start macros give a good high score. Check
out the documents with these scores, it may not be something that shows up
on your virus scanner, yet.
Better yet, just bounce the whole thing and stop using email for M$ Office
document transfers. (OK, we don't need to start that argument, it's just
the way I feel about M$ Office) =P
Scott.
More information about the esd-l
mailing list