The newest craze, apparently, is to add garbage into Office '97 formatted *.doc and *.xls files so that when a user opens them, and ignores warnings from Defender or anything else, they get infected with something. Usually, a trojan horse or a dropper that goes and gets ransomware or something else.
The initial solution was to block *.doc, *.xls, and *.ppt according to MIME type, and bounce the inbound email.
But my client has a few customers who are not tech-savvy, don't understand that xlsx, docx, pptx, etc. are the new / safer versions of the files, and they refuse to use them. Still others have automated reporting that was created 15 years ago, and is not capable of sending these reports (commission and sales reports).
So, my client is stuck. If we blanket allow them, users will (eventually) infect themselves with something opening attachments they should not be opening (and ignoring warnings the computer throws up).
I need a way to reliably scan and block dangerous attachments using Postfix, SpamAssassin, and ClamAV.
What is a good playbook recipe, milter, or otherwise that can do this?
0 Answers
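An added example, not part of the original post and not a Postfix, SpamAssassin or ClamAV configuration: a Python sketch of the type check the question describes, which identifies legacy Office attachments by their OLE2 container signature instead of trusting the declared MIME type or file name. The function names, verdict labels and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # container used by legacy .doc/.xls/.ppt
ZIP_MAGIC = b"PK\x03\x04"                       # container used by .docx/.xlsx/.pptx
LEGACY_MIME = {"application/msword", "application/vnd.ms-excel",
               "application/vnd.ms-powerpoint"}
LEGACY_EXT = (".doc", ".xls", ".ppt")

def classify(part):
    """Return (filename, declared MIME type, verdict) for one attachment."""
    name = part.get_filename() or "(unnamed)"
    declared = part.get_content_type()
    data = part.get_payload(decode=True) or b""
    if data.startswith(OLE2_MAGIC):
        # Content is a legacy container; check whether the label admits it.
        labelled = declared in LEGACY_MIME or name.lower().endswith(LEGACY_EXT)
        verdict = "legacy-ole2" if labelled else "legacy-ole2-mislabelled"
    elif data.startswith(ZIP_MAGIC):
        verdict = "zip-container"
    else:
        verdict = "other"
    return name, declared, verdict

def scan(raw_bytes):
    """Classify every attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [classify(p) for p in msg.iter_attachments()]

def build_sample():
    """Constructed test message: payloads are magic bytes plus zero padding."""
    msg = EmailMessage()
    msg["From"] = "reports@example.com"
    msg["To"] = "sales@example.org"
    msg["Subject"] = "Monthly reports"
    msg.set_content("Reports attached.")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 504, maintype="application",
                       subtype="vnd.ms-excel", filename="commission.xls")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 504, maintype="application",
                       subtype="octet-stream", filename="invoice.dat")
    msg.add_attachment(ZIP_MAGIC + b"\x00" * 26, maintype="application",
                       subtype="vnd.openxmlformats-officedocument.spreadsheetml.sheet",
                       filename="sales.xlsx")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, declared, verdict in scan(build_sample()):
        print(f"{name:16} {declared:40.40} {verdict}")
```

The second attachment shows why a filter keyed only on the declared MIME type or extension is incomplete: the content is a legacy container even though neither label says so.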