detect executables embedded inside MS Office documents?

Gerard gerard at
Mon Apr 7 11:08:25 IST 2008

On Sun, 06 Apr 2008 16:00:45 -0700
Scott Silva <ssilva at> wrote:

> on 4-6-2008 8:09 AM Julian Field spake the following:
> > Ignore all previous requests for information. I've got enough of
> > it, pretty much.
> > The only thing I cannot handle is inserted OLE "Packages" that
> > contain multiple files. If someone fancies creating one of those
> > and sending it to me, I'll improve the Package parser to cope with
> > it.
> > 
> > But it now works with files inserted into Microsoft Office
> > documents just fine.
> > 
> > This will be in the next release.
> > I guess it's a fairly major new feature, the ability to extract
> > embedded files from Microsoft Office documents.
> > :-)
> > 
> > I think I'm going to have a rest now...
> > 
> Poking another hole in the Microsoft armor was a big task. A well
> deserved rest it will be!!

The use of OLE makes the creation of highly detailed documents far
easier and more accurate. The scanning of said documents when emailed I
would assume to be a plus. However, if the scanning action breaks the
OLE bonds then the cure is far worse than the disease.

I have been sending these types of documents to colleagues for years
without incident. A few years ago Symantec did categorize some of them
as a VIRUS; however, that was a false positive and they quickly revised
their definition files to reflect that.

By the way, I usually send these files encrypted via PGP. How will/does
MailScanner work on that type of document?

gerard at

My favorite sandwich is peanut butter, baloney, cheddar cheese, lettuce
and mayonnaise on toasted bread with catsup on the side.

	Senator Hubert Humphrey