[Esd-l] macro scanning...
Agung Kuswanto NCS
kagung at ncs.com.sg
Fri Oct 31 07:28:05 PST 2003
Thanks John
If I want to detect any macro, may I know what is the string to be checked?
Thanks & Best Regards
Agung K
-----Original Message-----
A suggestion: macro and VBA code is fairly easy to detect. Get a
document with macros or VBA and look at it with a binary editor.
You'll see the code is stored as "\000macro-command" so if you have a
list of macro commands you can detect them pretty easily. You may need
to do this if you want to detect any macro, vs. just dangerous ones.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"It seems that some companies in the industry would rather use
deception rather than try and work things out diplomatically,
one-to-one."
-- Blake Stowell, SCO PR director, on RedHat
-----------------------------------------------------------------------
6 days until Matrix Revolutions
More information about the esd-l
mailing list