Blocking VBA virus using strings?


Hi All,

We are being bombarded with Doc files containing VBA macros. I have picked apart a couple of them and found several common strings. In SMSME I have created an attachment content rule matching any of the following literal strings:

ShellExecute
Extract_Enc_Key
DecryptParts
InputStringToBeDecrypted
AutoOpen
URLDownloadToFile
CbjreFuryy.rkr
PowerShell.exe
URLDownloadToFileA
vbFromUnicode
XorByDataLen
ShellV
 

This doesn't seem to work and I'm not too sure why. Does SMSME only read the text content of the doc file, not the file at a lower level?

Many Thanks

Tom
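
Added example (not part of the post, and not a statement about how SMSME scans): VBA module source inside a .doc is stored as an MS-OVBA compressed container in which repeated substrings become back-references, so a literal that is present in the macro may not appear contiguously in the file's raw bytes. The sketch below decompresses such a container and runs the post's rule strings against both forms; the sample bytes are constructed, and locating the module stream inside the OLE file is assumed to have been done already.

```python
import struct

# Literal strings from the content rule in the post above.
RULE_STRINGS = [b"ShellExecute", b"Extract_Enc_Key", b"DecryptParts",
                b"InputStringToBeDecrypted", b"AutoOpen", b"URLDownloadToFile",
                b"CbjreFuryy.rkr", b"PowerShell.exe", b"URLDownloadToFileA",
                b"vbFromUnicode", b"XorByDataLen", b"ShellV"]

# Constructed sample: compressed container for the 22 bytes  Shell "PowerShell.exe"
SAMPLE = bytes.fromhex("0115b0" "005368656c6c202250" "106f77657202b02e6578" "006522")

def ovba_decompress(container: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (VBA module source)."""
    if not container or container[0] != 0x01:
        raise ValueError("not an MS-OVBA compressed container")
    out, pos = bytearray(), 1
    while pos + 2 <= len(container):
        (header,) = struct.unpack_from("<H", container, pos)
        if (header >> 12) & 0x7 != 0b011:
            raise ValueError("bad chunk signature")
        end = min(pos + (header & 0x0FFF) + 3, len(container))
        pos += 2
        chunk_start = len(out)
        if not header & 0x8000:            # raw chunk: bytes stored as-is
            out += container[pos:end]
            pos = end
            continue
        while pos < end:
            flags = container[pos]         # one flag bit per following token
            pos += 1
            for bit in range(8):
                if pos >= end:
                    break
                if not (flags >> bit) & 1:  # literal byte
                    out.append(container[pos])
                    pos += 1
                    continue
                if pos + 2 > end:
                    raise ValueError("truncated copy token")
                (token,) = struct.unpack_from("<H", container, pos)
                pos += 2
                # Offset/length split depends on how far into the chunk we are.
                bit_count = max((len(out) - chunk_start - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                if offset > len(out) - chunk_start:
                    raise ValueError("copy token points before chunk start")
                for _ in range(length):    # byte-wise: source may overlap output
                    out.append(out[-offset])
    return bytes(out)

def rule_hits(data: bytes) -> list:
    """Return the rule strings found as contiguous literals in data."""
    return [s.decode() for s in RULE_STRINGS if s in data]

if __name__ == "__main__":
    print("raw bytes   :", rule_hits(SAMPLE))
    print("decompressed:", rule_hits(ovba_decompress(SAMPLE)))
```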

