detect executables embedded inside MS Office documents?

Julian Field MailScanner at ecs.soton.ac.uk
Tue Apr 8 19:36:05 IST 2008



Scott Silva wrote:
> on 4-7-2008 3:08 AM Gerard spake the following:
>> On Sun, 06 Apr 2008 16:00:45 -0700
>> Scott Silva <ssilva at sgvwater.com> wrote:
>>
>>> on 4-6-2008 8:09 AM Julian Field spake the following:
>>>> Ignore all previous requests for information. I've got enough of
>>>> it, pretty much.
>>>> The only thing I cannot handle is inserted OLE "Packages" that
>>>> contain multiple files. If someone fancies creating one of those
>>>> and sending it to me, I'll improve the Package parser to cope with
>>>> it.
>>>>
>>>> But it now works with files inserted into Microsoft Office
>>>> documents just fine.
>>>>
>>>> This will be in the next release.
>>>> I guess it's a fairly major new feature, the ability to extract
>>>> embedded files from Microsoft Office documents.
>>>> :-)
>>>>
>>>> I think I'm going to have a rest now...
>>>>
>>> Poking another hole in the Microsoft armor was a big task. A well
>>> deserved rest it will be!!
>>
>> The use of OLE makes the creation of highly detailed documents far
>> easier and accurate. The scanning of said documents when emailed I
>> would assume to be a plus. However, if the scanning action breaks the
>> OLE bonds then then cure is far worst than the disease.
> MailScanner only scans a copy of the attachments to check their 
> content. The original isn't harmed.
He didn't really think that did he? How stoopid do people think I am? :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list