Microsoft Word and Excel documents with embedded harmful objects

Adri Koppes adrik at salesmanager.nl
Mon Apr 3 14:12:25 IST 2006


Recently some users have discovered a new trick to send blocked and
potentially harmful files through the MailScanner gateway.
They create an email message with a Microsoft Word or Excel document
attachment, which contains an embedded OLE object or package.
The embedded object can be ANY other file, including executables etc.
When scanned by MailScanner, the executable and other embedded objects
are not detected and the message is passed through to the user's mailbox!
Obviously this is not what we would like to happen.
I have found a little program 'ripOLE' on
http://freshmeat.net/projects/ripole/, which will extract all embedded
objects from a Word Document.
Would it be easy to integrate 'ripOLE' or an equivalent program into
MailScanner to be called for attachments? If the embedded objects are
extracted into the normal temp directory, then MailScanner will subject
them to the same file-name/type restrictions as normal attachments.
Probably 'ripOLE' only needs to be called when the /usr/bin/file command
has determined the attachment to be some kind of 'Microsoft Office Data'
file.

Adri.
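
The check the post asks for, sketched as an added example (not part of the original message, and not MailScanner or ripOLE code): it walks the directory of an OLE2 compound file and reports entries that mark embedded objects, so a gateway could decide when to run an extractor. The function names, the marker set and the sample files are assumptions constructed for illustration; only the DIFAT entries in the header are followed.

```python
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound file signature
ENDOFCHAIN = 0xFFFFFFFE
# Names that indicate an embedded object: Word's object storage and the
# OLE Packager payload stream (assumed marker set, not exhaustive).
EMBED_MARKERS = {"ObjectPool", "\x01Ole10Native"}

def list_entries(data):
    """Return [(name, type)] for all directory entries, or None if not OLE2."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return None
    size = 1 << struct.unpack_from("<H", data, 30)[0]          # sector size
    sector = lambda sid: data[(sid + 1) * size:(sid + 2) * size]
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    fat = []
    for sid in struct.unpack_from("<109I", data, 76)[:n_fat]:  # header DIFAT only
        sec = sector(sid)
        fat.extend(struct.unpack("<%dI" % (len(sec) // 4), sec[:len(sec) // 4 * 4]))
    entries, sid, seen = [], first_dir, set()
    while sid < len(fat) and sid not in seen:    # follow directory chain, no loops
        seen.add(sid)
        sec = sector(sid)
        for off in range(0, len(sec) - 127, 128):   # 128-byte directory entries
            name_len, etype = struct.unpack_from("<HB", sec, off + 64)
            if etype in (1, 2, 5):               # storage, stream, root
                raw = sec[off:off + max(min(name_len, 64) - 2, 0)]
                entries.append((raw.decode("utf-16-le", "replace"), etype))
        sid = fat[sid]
    return entries

def embedded_object_markers(data):
    """Names in the container that mark embedded objects; [] if none or not OLE2."""
    return [n for n, _ in (list_entries(data) or []) if n in EMBED_MARKERS]

def build_sample(entries):
    """Constructed test input: a one-FAT-sector OLE2 file with up to 4 entries."""
    hdr = CFB_MAGIC + b"\0" * 16 + struct.pack("<5H", 0x3E, 3, 0xFFFE, 9, 6) + b"\0" * 6
    hdr += struct.pack("<9I", 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    hdr += struct.pack("<109I", 0, *[0xFFFFFFFF] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[0xFFFFFFFF] * 126)
    dirsec = b""
    for name, etype in entries:
        raw = (name + "\0").encode("utf-16-le")
        dirsec += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), etype) + b"\0" * 61
    return hdr + fat + dirsec.ljust(512, b"\0")

CLEAN = build_sample([("Root Entry", 5), ("WordDocument", 2), ("1Table", 2)])
PACKED = build_sample([("Root Entry", 5), ("WordDocument", 2),
                       ("ObjectPool", 1), ("\x01Ole10Native", 2)])
```

Because the directory is stored as a flat array of entries, a linear walk sees streams nested at any depth of the storage tree; a hit here only says the container carries an embedded object, and the payload still has to be extracted before file-name and file-type rules can be applied to it.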

