Kevin A. McGrail
2017-04-13 11:15:24 UTC
Morning!
I have previously been checking files like xlsx for indicators they have
macros and blocking them.
Effectively I was doing things like this by treating them as zip files.
However, it appears I was stupid and files when password protected
aren't password protected zips but something else.
I'm just starting to dive into this issue.
Any ideas how to reliably detect if they are password protected Office
files and deal with them appropriately? A quick check shows they don't
appear to have a consistent magic byte but perhaps I'm missing something
obvious.
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpengui
I have previously been checking files like xlsx for indicators they have
macros and blocking them.
Effectively I was doing things like this by treating them as zip files.
However, it appears I was stupid and files when password protected
aren't password protected zips but something else.
I'm just starting to dive into this issue.
Any ideas how to reliably detect if they are password protected Office
files and deal with them appropriately? A quick check shows they don't
appear to have a consistent magic byte but perhaps I'm missing something
obvious.
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpengui