RT,我现在做一个文件同步的项目(Python 实现),由于涉及到文件安全的问题,需要检测office文件中是否含有宏,并进行相应操作。
看到网上有一些宏病毒专杀工具,但是没有找到源码,不知道是怎么实现的。另外,我在office官网上看到,office文件有一个属性:.HasVBProject,不知道是否可以辨识宏。
hasVBproject
在某一网址上看到一个检测宏的方法,不知道是否可用Searching for Microsoft Office Files Containing Macro
The usual idea is to locate whether there is some kind of malicious code in the program by analyzing the program signature. You can first use a binary analysis tool to scan the office file containing macros, try to extract the signature, and then write a program to analyze the binary code. distinguish. This is what regular antivirus software does.
But I think it’s more troublesome to do this. What if the opponent does a free kill? And it is impossible for you to have such a large signature library to distinguish various macro viruses by yourself.
So consider starting from other angles. First synchronize the files to a server containing anti-virus software. (If you have extremely high security requirements, you can use NFS to create a public scanning area. Multiple virtual machines map this NFS. Different virtual machines install Scan with different anti-virus software to maximize the signature library). After each virus is removed, it is thrown into the storage and the copy is cleared at the same time.
Added:
How come there is no feature code? I just created an excel with macros and opened it with xxd:
Then open another document without macros:
Obviously, excel with macros saved contains binary information like VBA.