Article ID: 210916241

Protection from macro viruses

Tags:  Microsoft Exchange  Microsoft SMTP  Watchdog

Problem

Macro viruses usually lurk in Microsoft Office documents. They often enter a computer system via documents sent as email attachments or are accidentally downloaded when users click on malicious URLs in phishing mails.

If a user receives an infected document by email and simply attempts to open it, the embedded virus may quickly spread to other operating systems, alter default settings, possibly encrypt or even delete data, resulting in significant consequences for your company.

Numerous scenarios can be executed by iQ.Suite to detect and disarm macro viruses sent by email in Microsoft Office documents prior to user delivery. If the document is determined to be trustworthy, it can be subsequently delivered in its original form.

Solution

Attachments sent by email can be analysed for macro viruses and VBA (Visual Basic for Applications) scripts in Microsoft Office documents by iQ.Suite Watchdog, with the original document being temporarily placed in quarantine. File attachments should be checked by one or more virus scanners first.

File attachments in incoming emails can be examined by selecting the corresponding file patterns in the “Fingerprints“ category. The original document is copied into a separate quarantine and marked with an iQ.Suite tag for further processing.

Before the document is delivered to the user, it is converted to a PDF file by iQ.Suite Convert. To ensure that only the selected file attachments are converted, the corresponding iQ.Suite tag is evaluated according to the following conditions.

Select the following option to remove the original file attachment from the email. As an option a PDF/A can be created for conversion.

The intended recipient should be notified that the original file attachment has been converted to a PDF file for security reasons and instructed how to request the original file.

Alternatively, macros can be removed from Office documents using iQ.Suite Convert and the cleaned file can be delivered to the recipient in the original format.

Additional scenarios can be executed based on the iQ.Suite set of rules, enabling delivery of the original file attachment to the user or requesting delivery.

The Microsoft Office document is copied by iQ.Suite Watchdog into a quarantine which automatically releases the email to the recipient after a certain period of time. The recipient can also request the original document via the received quarantine summary report by global notification.

In either case, the email should be checked by a virus scanner upon leaving the quarantine.

Last updated: 21 September 2016


« Previous article Next article »

Rate it

0/5 stars (0 votes)
Protection from macro viruses 0 5 0

Add a comment


Captcha

Go back

Cookies are important to the proper functioning of this site. Click Agree to proceed and accept cookies. Learn more >>