detect executables embedded inside MS Office documents?
Scott Silva
ssilva at sgvwater.com
Tue Apr 8 17:34:39 IST 2008
on 4-7-2008 3:08 AM Gerard spake the following:
> On Sun, 06 Apr 2008 16:00:45 -0700
> Scott Silva <ssilva at sgvwater.com> wrote:
>
>> on 4-6-2008 8:09 AM Julian Field spake the following:
>>> Ignore all previous requests for information. I've got enough of
>>> it, pretty much.
>>> The only thing I cannot handle is inserted OLE "Packages" that
>>> contain multiple files. If someone fancies creating one of those
>>> and sending it to me, I'll improve the Package parser to cope with
>>> it.
>>>
>>> But it now works with files inserted into Microsoft Office
>>> documents just fine.
>>>
>>> This will be in the next release.
>>> I guess it's a fairly major new feature, the ability to extract
>>> embedded files from Microsoft Office documents.
>>> :-)
>>>
>>> I think I'm going to have a rest now...
>>>
>> Poking another hole in the Microsoft armor was a big task. A well
>> deserved rest it will be!!
>
> The use of OLE makes the creation of highly detailed documents far
> easier and accurate. The scanning of said documents when emailed I
> would assume to be a plus. However, if the scanning action breaks the
> OLE bonds then then cure is far worst than the disease.
MailScanner only scans a copy of the attachments to check their content. The
original isn't harmed.
>
> I have been sending these type of documents to colleagues for years
> without incident. A few years ago Symantec did categorize some of them
> as a VIRUS; however, that was a false positive and they quickly revised
> their definition files to reflect that.
>
> By the way, I usually send these files encrypted via PGP. How will/does
> MailScanner work on that type of document?
>
>
>
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/4d0e7959/signature.bin
More information about the MailScanner
mailing list