detect executables embedded inside MS Office documents?
Julian Field
MailScanner at ecs.soton.ac.uk
Sat Apr 5 15:25:49 IST 2008
Hugo van der Kooij wrote:
> Furnish, Trever G wrote:
> | Anyone know a way to get MailScanner/SA to detect executables embedded
> | within Microsoft Office documents? We've had a word file come in with a
> | .scr file embedded inside, wasn't detected by antivirus, but was
> | definitely malware. Would love to be able to block files embedded into
> | office docs based on file extension / file type. Didn't even know it
> | was possible to do that (embed an executable inside a word file) until
> | today.
>
> How will an open source community work with closed source solutions?
> Perhaps it is safer to block them altogether.

There are open-source programs that can extract information from OLE
documents (i.e. up to Office 2004). I suspect there is not a problem
with Office 2007/2008 documents as they are just zip archives.

I just wish I could remember the names of any of the stuff that reads
OLE documents...

Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
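
The check discussed in this thread, as an added example that is not part of the original messages and is not MailScanner code: a heuristic scanner that treats Office 2007+ files as zip archives and legacy files as OLE containers, and flags PE headers and blocked file names in the raw bytes. The function names, the extension list and the size cap are assumptions; embedded objects in zip-based documents are usually OLE parts themselves, which is why both formats share one byte scan.

```python
import io, re, zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header
MAX_PART = 32 * 1024 * 1024                    # assumed cap against zip bombs
# ASCII file name with a blocked extension (assumed site policy), NUL-terminated
NAME_RE = re.compile(rb"[\w .-]{1,64}\.(?:exe|scr|com|pif|bat|cmd)\x00", re.I)

def has_pe_header(data):
    """True if some 'MZ' stub in data points at a 'PE\\0\\0' signature."""
    pos = data.find(b"MZ")
    while pos != -1:
        e_lfanew = int.from_bytes(data[pos + 0x3C:pos + 0x40], "little")
        if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
            return True
        pos = data.find(b"MZ", pos + 1)
    return False

def scan_blob(label, data):
    """Heuristic raw-byte scan of one part; OLE streams are not parsed."""
    hits = []
    if has_pe_header(data):
        hits.append((label, "PE image"))
    for m in NAME_RE.finditer(data):
        hits.append((label, "name:" + m.group()[:-1].decode("ascii").strip()))
    return hits

def scan_office(data):
    """Return (part, finding) tuples for an Office attachment given as bytes."""
    if data.startswith(OLE_MAGIC):                 # legacy .doc/.xls/.ppt
        return scan_blob("<ole>", data)
    hits = []
    if zipfile.is_zipfile(io.BytesIO(data)):       # Office 2007+ package
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_PART:
                    hits.append((info.filename, "oversized part, not scanned"))
                    continue
                hits += scan_blob(info.filename, zf.read(info))
    return hits

def make_sample():
    """Constructed test document: .docx-style zip with a fake embedded .scr."""
    pe_stub = b"MZ" + bytes(58) + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    ole_part = OLE_MAGIC + bytes(504) + b"invoice.scr\x00" + pe_stub
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", ole_part)
    return buf.getvalue()
```

OLE streams can be fragmented across sectors, so an empty result from this byte scan is not proof that nothing is embedded; parsing the OLE directory and reading each stream gives firmer answers.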