[Mimedefang] Scanning for objects embedded within M$ Office attachments

si at yacc.co.uk si at yacc.co.uk
Sun Jun 6 16:28:37 EDT 2010

Hi Chaps,

Some sales types recently ran 'ClearSwift Threat Assessment' against our MIMEDefang-based anti-spam system (by invitation :), in an attempt to convince 'the suits' that they should buy MIMESweeper.

Most of what was found was pretty benign ... seems messages containing Albanian Obscenities get through :) 

One thing really got the suits' attention though, and that was stuff like this:


This particular test includes;

- A sample executable, which could represent malware or unlicensed software
- In a Trojan embedded in Word document saved as RTF format
- Included as Troj_EmbedWord.rtf

Similar reports for Excel and PowerPoint too.

My first reaction was that it was simpler to let host-based Anti-Virus deal with this threat, but then got to thinking about all the other possibilities. I can kinda argue it both ways now.

Has anyone looked into this sort of thing in any depth, maybe using Perl Libraries such as File::MSWord, or calling out to Open Office, etc, or even just in a position to offer sagely advice on the subject?

Many thanks
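
A static check for the RTF case in the report, as an added example that is not part of the original post: it pulls each \objdata payload out of an RTF document, reads the OLE 1.0 class name, and flags payloads that contain a PE header or an OLE2 compound file. The function names and the sample document are constructed for illustration, and it handles plain hex \objdata only, not payloads broken up by nested groups or control words.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# True if $bin holds an MZ header whose e_lfanew field points at a PE signature.
sub has_pe {
    my ($bin) = @_;
    my $pos = -1;
    while (($pos = index($bin, 'MZ', $pos + 1)) >= 0) {
        next if $pos + 0x40 > length($bin);
        my $lfanew = unpack 'V', substr($bin, $pos + 0x3c, 4);
        next if $pos + $lfanew + 4 > length($bin);
        return 1 if substr($bin, $pos + $lfanew, 4) eq "PE\0\0";
    }
    return 0;
}

# Return one hashref per \objdata payload found in an RTF document.
sub scan_rtf_objects {
    my ($rtf) = @_;
    my @found;
    return @found unless $rtf =~ /\A\s*\{\\rtf/;       # not RTF: nothing to report
    while ($rtf =~ /\\objdata\b([^{}\\]*)/g) {
        (my $hex = $1) =~ s/[^0-9A-Fa-f]//g;           # whitespace may split the hex
        chop $hex if length($hex) % 2;                 # drop a dangling nibble
        my $bin = pack 'H*', $hex;
        # OLE 1.0 ObjectHeader: version(4), format id(4), length-prefixed class name
        my $class = '';
        if (length($bin) >= 12) {
            my $len = unpack 'V', substr($bin, 8, 4);
            $class = substr($bin, 12, $len) if $len && 12 + $len <= length($bin);
            $class =~ s/\0.*//s;                       # strip the NUL terminator
        }
        push @found, {
            class => $class,
            bytes => length($bin),
            pe    => has_pe($bin),
            ole2  => index($bin, "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1") >= 0 ? 1 : 0,
        };
    }
    return @found;
}

# Constructed sample: a stub MZ/PE header wrapped as an OLE 1.0 "Package" object.
my $stub = 'MZ' . ("\0" x 58) . pack('V', 64) . "PE\0\0";
my $ole1 = pack('V V V', 0x501, 2, 8) . "Package\0"
         . pack('V V V', 0, 0, length($stub)) . $stub;
my $rtf  = '{\rtf1 {\object\objemb{\*\objclass Package}{\*\objdata '
         . unpack('H*', $ole1) . '}}}';
printf "class=%s bytes=%d pe=%d ole2=%d\n", @$_{qw(class bytes pe ole2)}
    for scan_rtf_objects($rtf);
```

In a MIMEDefang filter the decoded attachment body would be passed to scan_rtf_objects, with the action for any pe or ole2 hit left to site policy.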



