Overview
Some users are receiving the following email:
"Viruses Found: Heuristics.OLE2.ContainsMacros"
From: "Content-filter at mx01.getsecuremx.com" <virusalert@getsecuremx.com>
Subject: Virus contained in mail addresses to you
Date: 15 May 2019 13:04:54 BRT
To: <youremail@yourmailserver.com>
Virus Alert
Our content checker found 1 virus(es) in an email addressed to
you claiming to be from <someemailuser@externalmailorg.com>.
Viruses Found:
Heuristics.OLE2.ContainsMacros
Please contact your system administrator for further details.
For your reference, here are the headers from the email: [...]
This article provides clarifications about this kind of alert.
Root Cause
Some excel macro functions can be identified as malicious on excel files, and the Antivirus may filter it for security reasons. This does not mean the file contains a virus, but it means we need to be extra careful with them.
Macro function frequently used on malicious Excel files:
- Auto_Open
- ShellExecute
- Shell
- WScript.Shell
- Run
Advisable Workaround
If you know and trust the sender, and you want to have an additional security layer, we strongly recommend that these types of files be transferred through SFTP or HTTPS or any other secure method. This way, you can guarantee that the file was not modified during an insecure path of the communication between the sender and the receiver.
Additional Information
Microsoft Excel Files Increasingly Used To Spread Malware
Priyanka Bhotika
Comments