[Mimedefang] Checking Office XML Files

Kevin A. McGrail KMcGrail at PCCC.com
Thu Apr 13 07:15:24 EDT 2017


I have previously been checking files like xlsx for indicators they have 
macros and blocking them.

Effectively I was doing things like this by treating them as zip files.

However, it appears I was stupid and files when password protected 
aren't password protected zips but something else.

I'm just starting to dive into this issue.

Any ideas how to reliably detect if they are password protected Office 
files and deal with them appropriately?  A quick check shows they don't 
appear to have a consistent magic byte but perhaps I'm missing something 


More information about the MIMEDefang mailing list