detect executables embedded inside MS Office documents?

Julian Field MailScanner at
Sat Apr 5 15:25:49 IST 2008

Hugo van der Kooij wrote:
> Furnish, Trever G wrote:
> | Anyone know a way to get MailScanner/SA to detect executables embedded
> | within Microsoft Office documents?  We've had a word file come in with a
> | .scr file embedded inside, wasn't detected by antivirus, but was
> | definitely malware.  Would love to be able to block files embedded into
> | office docs based on file extension / file type.  Didn't even know it
> | was possible to do that (embed an executable inside a word file) until
> | today.
> How will an open source community work with closed source solutions?
> Perhaps it is safer to block them altogether.
There are open-source programs that can extract information from OLE 
documents (i.e. up to Office 2004). I suspect there is not a problem 
with Office 2007/2008 documents as they are just zip archives.

I just wish I could remember the names of any of the stuff that reads 
OLE documents...


Julian Field MEng CITP CEng
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

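A sketch of the kind of check asked about in this thread, added here as an example and not taken from the thread or from MailScanner: it opens an Office 2007+ file as a zip archive (or takes a legacy OLE file whole) and flags blocked file names and PE headers in the raw bytes. The extension list, the size cap and all function names are assumptions, and the byte search is a heuristic that does not parse the OLE stream structure.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature
BLOCKED = ("scr", "exe", "pif", "com", "bat", "cmd")  # assumed site policy
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap on declared size (zip bombs)
# NUL-terminated ANSI file names, as packaged objects store them.
NAME_RE = re.compile(rb"[\w .-]{1,64}\.(?:%s)(?=\x00)" % "|".join(BLOCKED).encode(), re.I)

def has_pe(data):  # heuristic: MZ header whose e_lfanew points at a PE signature
    pos = data.find(b"MZ")
    while pos != -1:
        off = int.from_bytes(data[pos + 0x3C:pos + 0x40], "little")
        if data[pos + off:pos + off + 4] == b"PE\0\0":
            return True
        pos = data.find(b"MZ", pos + 1)
    return False

def scan_blob(data):
    hits = {"name:" + m.group().decode("latin-1") for m in NAME_RE.finditer(data)}
    return sorted(hits | ({"pe-header"} if has_pe(data) else set()))

def scan_office(data):  # returns {member: findings}; empty dict means no hits
    results, members = {}, []
    if data.startswith(OLE_MAGIC):                 # legacy OLE document
        members.append(("<ole-document>", data))
    elif zipfile.is_zipfile(io.BytesIO(data)):     # Office 2007+ zip container
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER:
                    results[info.filename] = ["oversized-member"]
                else:
                    members.append((info.filename, zf.read(info)))
    for name, blob in members:
        if hits := scan_blob(blob):
            results[name] = hits
    return results

def sample_ole_object():  # constructed bytes, not a valid compound file
    stub = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    return OLE_MAGIC + b"\0" * 24 + b"\x02\0invoice.scr\0C:\\tmp\\invoice.scr\0" + stub

def make_sample_docx():  # constructed Office 2007-style zip holding that object
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", sample_ole_object())
    return buf.getvalue()
```

Because OLE streams can be fragmented across sectors and names can also be stored as UTF-16, a clean result from this byte search does not prove the absence of an embedded executable.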
