They’re closing in on us…

“Diagnostic-Code: smtp; 552 MS-Office file containing VBA macros found inside of the email”

Of course it contains bloody VBA – I’m a bloody VBA developer FFS!!

So I’m trying to send a client an app (the magnificent (and popular) Alternative FileSearch for Office 2007 since you ask) and their email is having non of it.

I guess if a few more mail servers implement this featurectomy approach to security, we’ll have to move to browser/cloud apps.

Of course quotes like this don’t help Excel/VBA’s security hole image:

“They decided on this unusual format because they wanted the video to penetrate even the most Draconian corporate firewalls. After all, who can’t receive an Excel spreadsheet?”

Well anyone with Trend Micro mail software can’t.

bah bloody humbug!

anyone caught by this? is it an increasing trend do you think?

(I’ve had a client for years where one of the Excel/VBA apps has been flagged as a virus by certain mail servers, we just zip it with a password). oh thats a good idea…

cheers

Simon

Advertisements

10 Responses to “They’re closing in on us…”

  1. Nick Hebb Says:

    I’ve had that happen a few times. Things that have worked are zipping it (that method failed with one recipient) and renaming the extension and telling the user to rename it back after saving the attachment. The other option is to upload it to your site and send a link.

  2. Lord Says:

    I know large companies that disallow any and all attachments, emails above a very small size, and even then reject almost everything as spam. It took a half a dozen attempts before they would not bounce it.

  3. Harlan Grove Says:

    I suppose you could put the file on your web site in a deeply nested and obscurely named subdirectory, then put the url in the e-mail. Bit more work all around.

    If the OP’s e-mail server scraps password protected zip files, put your workbook in a zip file without a password, change its extension, put that renamed zip file in another zip file without a password, and e-mail the second zip file.

    There’s also uuencode and binhex, but your client would need to install them. Then again, if they use a zip program (WinZip, PkZip, 7zip, WinRAR, etc.), you could use a different compressed archive format like bzip or tar. Maybe your client’s e-mail server doesn’t know those other formats.

    I haven’t had problems with e-mail, but I’ve had lots of trouble with AV software wanting quarantine batch files. Naturally the IT department doesn’t allow anyone to make exceptions to their bulletproof security settings. So I use a ROT13 filter, which is enough to thoroughly confuse the AV.

  4. jonpeltier Says:

    “… companies that disallow any and all attachments, emails above a very small size…” and have an inbox size limit of 25 MB.

  5. Alex J Says:

    In an oddly similar occurance, our firm just deployed Bluecoat web filtering. Some genius has decided that sites like Daily Dose of Excel, Smurf, Pointy Haired Dilbert, Methods in Excel and my webmail are now threats to corporate security!

    Colour me evenings-only.

  6. Marcus Says:

    I’ve had reasonable success with password protecting/encrypting the attachment and including the password in the email body.
    I’m guessing that the virus scanner assumes that if the file if pwd protected the recipient either wont be able to open it anyway or knows or strusts the sender enough to have the password.

  7. Ross MIE Says:

    Methods in Excel a security threat, at last some one is taking my demonic intentions seriously!!! I have that problem a lot, I can’t tell you the number of times I found the perfect image for a presentation, only to get “surf controlled” out of downloading it! Very frustrating!

    I emphasize with little with the IT department here, they have to draw a line in the sand some where, the problem is that 1. its very easy to buy pass, and 2, there should be easy and quick why to send document, (that is safe!).
    Maybe the server shouldn’t just bloke the attachment, but put test the attachment, then let it though if it passes some tests? – not rocket sugary!

  8. Simon Says:

    Bwahahaha!

  9. Giles Says:

    I always put stuff on our website with a .htaccess file to password-protect it, then send a URL/username/password link. It was a pain initially, but it was easy enough to automate.

  10. Bob Phillips Says:

    I too have been exeperiencing thsi problem more and more recently. My usual soution is to rename the extension from .zip to .xx, and get the receipient to rename it back. I have also FTPed it to mt website and get tem to download it from there.

    See Simin, if we only all used the cloud …

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: