The MacroTrap performs a rule-based examination of all Macro code that is saved in
association
with a document. Macro virus code is typically contained as a part of the invisible
template (for
example.,
*.dot in Microsoft Word) that travels with the document. Trend Micro MacroTrap checks the document for signs of
a macro virus by seeking out instructions that perform virus-like activity. Examples
of
virus-like activity are copying parts of the template to other templates (replication),
or code
to execute harmful commands (destruction).