diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile index d4d4508d..028f2abb 100644 --- a/data/Dockerfiles/rspamd/Dockerfile +++ b/data/Dockerfiles/rspamd/Dockerfile @@ -12,12 +12,14 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \ RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \ && echo "deb http://rspamd.com/apt-stable/ xenial main" > /etc/apt/sources.list.d/rspamd.list \ && apt-get update \ - && apt-get -y install rspamd ca-certificates + && apt-get -y install rspamd ca-certificates python-pip RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local # "Hardcoded" - we need them RUN echo 'settings = "http://nginx:8081/settings.php";' > /etc/rspamd/modules.d/settings.conf +RUN pip install -U oletools + CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"] RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua index c1480461..b3f96f64 100644 --- a/data/conf/rspamd/lua/rspamd.local.lua +++ b/data/conf/rspamd/lua/rspamd.local.lua 
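Review bot: The added `RUN pip install -U oletools` is unpinned and unverified, so every image build installs whatever oletools release and transitive dependencies PyPI serves at that moment, and that code then parses untrusted mail attachments inside the rspamd container. Pin the version and skip the cache, e.g. `RUN pip install --no-cache-dir oletools==<PINNED_VERSION>`, or install from a requirements file with `--require-hashes` so a changed upstream artifact fails the build instead of shipping. A pinned version also makes it possible to tell which scanner release a given image was built with when a detection result is questioned later.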
@@ -74,3 +74,39 @@ rspamd_config.ADD_DELIMITER_TAG = {
 return false
 end
 }
+
+rspamd_config.MRAPTOR = {
+ callback = function(task)
+ local parts = task:get_parts()
+ local rspamd_logger = require "rspamd_logger"
+ local rspamd_regexp = require "rspamd_regexp"
+
+ if parts then
+ for _,p in ipairs(parts) do
+ local mtype,subtype = p:get_type()
+ local re = rspamd_regexp.create_cached('/(office|word|excel)/i')
+ if re:match(subtype) then
+ local content = tostring(p:get_content())
+ local filename = p:get_filename()
+
+ local file = os.tmpname()
+ f = io.open(file, "a+")
+ f:write(content)
+ f:close()
+
+ local scan = assert(io.popen('PATH=/usr/bin:/usr/local/bin mraptor ' .. file .. '> /dev/null 2>&1; echo $?', 'r'))
+ local result = scan:read('*all')
+ local exit_code = string.match(result, "%d+")
+ rspamd_logger.infox(exit_code)
+ scan:close()
+
+ if exit_code == "20" then
+ rspamd_logger.infox("Reject dangerous macro in office file " .. filename)
+ task:set_pre_result(rspamd_actions['reject'], 'Dangerous macro in office file ' .. filename)
+ end
+
+ end
+ end
+ end
+ end
+}
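Review bot: In the MRAPTOR callback the attachment copy written to `os.tmpname()` is never removed, the handle is assigned to a global `f` without checking what `io.open` returned, and `filename` is presumably nil for parts that carry no filename, in which case the `..` concatenation in the reject branch raises before `task:set_pre_result` runs and the flagged document is not rejected. The handle should be `local` and checked, the temp file deleted once the scan has finished, and `filename` given a fallback before it is concatenated. Only exit code "20" is acted on, so a scanner failure (for example `mraptor` missing from the PATH given to `io.popen`) lets the part through with nothing but the bare `infox(exit_code)` line to show for it; logging unexpected codes at warning level would make that visible. `io.popen` also blocks the worker for the duration of every scan, which is worth bounding on a busy mail path.

```lua
local filename = p:get_filename() or 'unnamed attachment'

local file = os.tmpname()
local f, err = io.open(file, "a+")
if not f then
  rspamd_logger.errx(task, 'MRAPTOR: cannot open temp file %s: %s', file, err)
  return
end
f:write(content)
f:close()

-- … unchanged: io.popen call, read of the exit code, scan:close() …

-- Remove the attachment copy so scanned mail does not accumulate in the temp directory.
os.remove(file)

-- … unchanged: exit_code == "20" reject branch …
```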