CIRCL
/
PyCIRCLean
mirror of https://github.com/CIRCL/PyCIRCLean
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: Update oletools usage

pull/26/head
Raphaël Vinot 2019-08-29 11:44:52 +02:00
parent 546a19caab
commit 97b2edb184
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
filecheck/filecheck.py
View File

@ -404,9 +404,6 @@ class File(FileBase):
self.make_dangerous('WinOffice file containing a macro') self.make_dangerous('WinOffice file containing a macro')
else: else:
indicators = oid.check() indicators = oid.check()
if oid.macros.value or oid.ole.exists('macros/vba') or oid.ole.exists('Macros') \
or oid.ole.exists('_VBA_PROJECT_CUR') or oid.ole.exists('VBA'):
self.make_dangerous('WinOffice file containing a macro')
for i in indicators: for i in indicators:
if i.id == 'ObjectPool' and i.value: if i.id == 'ObjectPool' and i.value:
self.make_dangerous('WinOffice file containing an object pool') self.make_dangerous('WinOffice file containing an object pool')
@ -414,6 +411,8 @@ class File(FileBase):
self.make_dangerous('WinOffice file with embedded flash') self.make_dangerous('WinOffice file with embedded flash')
elif i.id == 'encrypted' and i.value: elif i.id == 'encrypted' and i.value:
self.make_dangerous('Encrypted WinOffice file') self.make_dangerous('Encrypted WinOffice file')
elif i.id == 'vba_macros' and i.value:
self.make_dangerous('WinOffice file containing a macro')
self.add_description('WinOffice file') self.add_description('WinOffice file')