[icon-users] Microsoft Office file validation
- From: John Harrison <john@xxxxxxxxxxxxxxxx>
- To: Icon users <icon-users@xxxxxxxxxxxxx>
- Date: Sun, 18 Mar 2012 22:58:45 +0000 (GMT)
Has anyone else had this problem? I've had it from several people in
recent months.
When sending documents to non-RO users I convert them to PDF if they are
not for editing, or Word if they are (eg contributions to a newsletter).
Several people have come back asking me to re-save and re-send, because the
file has been detected as suspicious.
There can't be any malware in a file generated by EW, and I can't believe
that EW would add any content that wasn't necessary. My suspicion is that
the file is being scanned to find out what version of Word created it, and
then checked to make sure it contains nothing inconsistent with that
version. Since an EW file doesn't contain such an identifier, it is
failing the first part of the test.
If I am right, I consider it arrogant of MS to assume that anything not
created by MS is probably malicious. I wonder whether it would reject
files created by Open Office, or Apple's 'Pages'.
The latest frightened recipient sent me this URL:
http://technet.microsoft.com/en-us/security/advisory/2501584
Regards
--
John Harrison
Website http://jaharrison.me.uk
------------------------------------------------------------
To change, suspend or cancel your subscription go to
//www.freelists.org/list/icon-users
------------------------------------------------------------
Other related posts:
