Is it a common practice to deny/filter e-mails that contain files with macros?

In this Ask the Expert Q&A, resident network security expert, Mike Chapple, discusses whether it a common practice to deny/filter e-mails that contain files with macros.

Mike Chapple, University of Notre Dame

Is it a common practice to deny/filter e-mails that contain files with macros? I currently have our firewalls set to deny VBA's and macro-laden files, but we need to send some files back and forth to headquarters and subs. Are there alternative setups or should we not worry about blocking macros?

At this point in time, I'd say it's standard practice for organizations to use an antivirus scanner on all inbound e-mails. In fact, you'd be hard-pressed to find anyone who doesn't. Worm outbreaks like Melissa and ILOVEYOU in the late 1990s forced everyone's hand in that respect.

The whole idea of blocking various classes of e-mail can be somewhat tricky and controversial. I know of organizations that block all documents containing scripts, while others block all compressed files because they might be encrypted. This really comes down to a business decision. If you have a business need for these files, you probably don't want to block them completely. It's reasonable to rely on your mail server's antivirus software to detect and remove malicious scripts. On the other hand, if you're able to clearly identify those senders (say everyone at foo.com) that need to exchange script-laden files, you might want to configure your server to reject these attachments from anyone else.

This was last published in April 2006

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

How does the Locky ransomware file type affect enterprise protection? Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift.

Why have macro malware authors moved toward using OLE technology? Threat actors are moving from macro malware to using OLE technology to spread their malicious code. Expert Michael Cobb explains what enterprises should look out for.

Cyber criminals use Microsoft PowerShell in ransomware attacks A newly discovered family of ransomware, dubbed PowerWare, uses Microsoft PowerShell to target organisations through macro-enabled documents

executable file (exe file) An executable file (exe file) is a computer file that contains a sequence of instructions that the operating system can execute directly.

How can macro malware and macro virus threats be prevented? Macro viruses are back in the form of macro malware, creating a potentially major issue for enterprises. Expert Nick Lewis explains how to ensure your organization doesn't fall victim.

Macro viruses reemerge in Word, Excel files Macro viruses haven't been popular since the early 2000s, but recent malware discoveries indicate that macro-infected Word and Excel files are on the rise.

Related Q&A from Mike Chapple

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading

How to prevent DoS attacks in the enterprise

It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading

How should HIPAA covered entities respond to healthcare ransomware?

The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

McAfee launches security tool Mvision Cloud for Containers

Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in ...

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to ...

AWS Access Analyzer aims to limit S3 bucket exposures

Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid ...

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

New technologies are transforming how organizations plan network management and monitoring, introducing questions about legacy ...

Cisco's Silicon One networking chip targets cloud data centers

Cisco's Silicon One chip launch demonstrates a willingness to embrace white box routers in the hyperscale data centers of cloud ...

7 factors to consider in network redundancy design

Network pros have multiple factors to consider when it comes to adding redundancy in network design, including network equipment,...

SearchCIO

Transforming operations for successful cloud adoption

Still considering making the move to the cloud? Here are best practices and cloud-centric processes CIOs should follow to enable ...

IT workforce skews younger, says analysis of US data

The IT workforce is getting younger, according to government IT workforce data. The reasons for this are subject to a debate that...

Top edge computing trends to watch in 2020

Edge computing is still an evolving technology domain and enterprises should expect continued evolution in the year ahead. Here ...

SearchEnterpriseDesktop

How to shut down and restart a remote computer

Shutting down or restarting a computer remotely is often a necessary process. Explore the multiple ways to do so, using methods ...

Setting up Windows 10 kiosk mode with 4 different methods

For desktop admins, setting up Windows 10 kiosk mode can be a confusing process. IT should learn these four methods and choose ...

Microsoft extends Office 365 benefit to nonprofit volunteers

Thursday's announcement extends the company's September offering of 10 free Microsoft 365 Business licenses for nonprofits' ...

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Developers still lean on the public cloud to simplify Kubernetes deployments, but that won't always be the case. See how ...

Evaluate general and niche cloud service use cases

Can't decide between a niche cloud provider or a hyperscaler? Review some real-world examples to help weigh the options and find ...

Compare niche cloud services to the hyperscale offerings

Consider your enterprise's specific needs when choosing between niche clouds and hyperscale clouds. Here's an overview of what ...

ComputerWeekly.com

Alarm bells ring, the IoT is listening

With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security...

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Contracting groups and trade associations say prime minister Boris Johnson must deliver on his party’s pledge to review the IR35 ...

Future fashion: does that dress come in digital?

A visit to a technology-fuelled fashion pop-up paints a picture of a world where retailers and brands sell virtual clothes for ...

Is it a common practice to deny/filter e-mails that contain files with macros?

In this Ask the Expert Q&A, resident network security expert, Mike Chapple, discusses whether it a common practice to deny/filter e-mails that contain files with macros.

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Related Q&A from Mike Chapple

The difference between AES and DES encryption

How to prevent DoS attacks in the enterprise

How should HIPAA covered entities respond to healthcare ransomware?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchCIO

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

SearchEnterpriseDesktop

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

ComputerWeekly.com

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.