{"id":11334,"date":"2022-03-25T12:00:13","date_gmt":"2022-03-25T11:00:13","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=11334"},"modified":"2022-06-22T11:40:51","modified_gmt":"2022-06-22T09:40:51","slug":"makros-3","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/03\/25\/makros-3\/","title":{"rendered":"Macros &#8211; E-mail Filtering at RWTH"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_11334 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_11334')){$('.twoclick_social_bookmarks_post_11334').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blog.rwth-aachen.de\\\/itc\\\/en\\\/2022\\\/03\\\/25\\\/makros-3\\\/\",\"post_id\":11334,\"post_title_referrer_track\":\"Macros+%26%238211%3B+E-mail+Filtering+at+RWTH\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><div id=\"attachment_11335\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-11335\" class=\"wp-image-11335 size-medium\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920-300x193.jpg\" alt=\"Screen with 2 ladybugs, gear and envelope\" width=\"300\" height=\"193\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920-300x193.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920-1024x660.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920-768x495.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920-1536x990.jpg 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/03\/email-g444052a0a_1920.jpg 1920w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-11335\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/pixabay.com\/de\/illustrations\/email-betrug-attacke-laptop-virus-4563194\/\">Pixabay<\/a><\/p><\/div><\/p>\n<p>E-mails are a major gateway for cyberattacks. These attacks are no longer isolated incidents and are part of our everyday life. Especially the spreading of malware through attached documents with macros are very popular among cyber criminals. These <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2021\/03\/10\/makros\/\">macros<\/a> can for example contain hidden malware. If the recipient activates these macros when opening the document, any malicious software they may contain can cause great damage. For this reason, a <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2021\/09\/01\/makros-2\/\">protection mechanism for e-mail macro filtering<\/a> was installed for the RWTH e-mail service on November 16, 2021. Office documents are the most used, but also PDFs, e.g. containing form fields.<!--more--><\/p>\n<h4>How does the e-mail macro filtering work?<\/h4>\n<p>E-mails with attachments sent from an email address outside the RWTH central exchange system to your email address on the RWTH central exchange system and containing documents with macros will no longer be delivered directly. Instead, you will receive an information mail explaining that the e-mail contains potentially dangerous macros. The sender address of the original e-mail will be replaced by the sender address NoReply-Sec@itc.rwth-aachen.de. The e-mail&#8217;s subject, however, will appear as exactly the same as the subject of the original e-mail. This information mail contains an explanation of how you should behave when dealing with such e-mails and what you should pay attention to.<\/p>\n<p>This is one of many measures to improve IT security at RWTH Aachen University. It does not provide 100% security but is specifically intended to make users aware of specific risks.<\/p>\n<h4>How can I open the original e-mail?<\/h4>\n<p>The original email including the files with macros will be automatically attached to the information email. After you have read the information mail carefully and are aware of the risks, you can freely decide whether you want to open the original e-mail and the attached files. This will give you the opportunity to check the email more closely before opening it: Is the sender of the email someone you know? Is the attached file an expected file? If in doubt, it is always advisable to contact the sender personally to make sure that there are no malicious intentions behind the e-mail.<\/p>\n<p>If the sender of the e-mail is trustworthy and the attachment is not suspicious, you can open the document attached to the information e-mail. Simply open the original e-mail by opening the attachment to the information e-mail. After opening the email, you will have access to the attachment of the original email. When you open the attachment, the document is first opened in protected view. You will need to activate the editing of the document manually. After activating the document, you will also be notified about the macros contained in the document. This content should only be activated for trusted files. After activation the macros will be executed. Detailed instructions with screenshots can be found in our documentation portal <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/fe1d217c446e47bcac2678f3e65d899e\/article\/e046a6fa69654bb9bfe6b78faef3145a\/\">IT Center Help<\/a>.<\/p>\n<h4>The original e-mail does not open. What am I doing wrong?<\/h4>\n<p>Every e-mail program handles attachments differently. To be able to open the original mail, it must be opened in .eml or .msg format. If the attachment of the information mail was saved as a .txt file, this file extension must be replaced in .eml or .msg. Opening the original mail is supported by email clients such as Outlook and Mail App for Windows. If you encounter problems, you should open the <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/1jefzdccuvuch\/article\/802fe1ead6b74f3aaab06a8d48079df6\/\">RWTH Mail App (OWA)<\/a> to access the original mail.<\/p>\n<h4>Is there a way to bypass this filtering?<\/h4>\n<p>For security reasons, all emails sent from outside the RWTH&#8217;s central Exchange system that contain files with macros are filtered out. However, there are other ways to share files securely besides sending conventional e-mails. Members of RWTH can use services like <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/t84lrej1rt4i\/\">Sciebo<\/a> or <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/1jeqhtat4k0o3\/\">Gigamove<\/a> to share documents.<\/p>\n<p>If you have any questions or problems with this measure, please feel free to contact us. Our colleagues from the <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/b734502cd73e4201b1f763a65a61bf9c\/article\/cbf1b80232b34626bbd53dda48578c09\/\">IT-ServiceDesk<\/a> will be happy to help you.<\/p>\n<p>&nbsp;<\/p>\n<p>Responsible for the content of this article is <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/IT-Center\/IT-Center\/Team\/~epvp\/Mitarbeiter-CAMPUS-\/?gguid=0x2C5E1B0A3DA32A45AB293A42E93EEC07&amp;allou=1&amp;lidx=1\">St\u00e9phanie Bauens<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":1859,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[314,315],"tags":[50,61,156,149],"class_list":["post-11334","post","type-post","status-publish","format-standard","hentry","category-it-sicherheit","category-services-support","tag-e-mail","tag-it-sicherheit","tag-makro","tag-safetyfirst"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/11334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/1859"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=11334"}],"version-history":[{"count":4,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/11334\/revisions"}],"predecessor-version":[{"id":12116,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/11334\/revisions\/12116"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=11334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=11334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=11334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}