Executables within docx files?

Alex via amavis-users amavis-users at amavis.org
Wed Sep 4 03:45:40 CEST 2013 

Hi,

We had a complaint from a user that an email with a .docx file was
rejected. We have an amavisd policy where .exe binaries are rejected.

Upon further inspection, the docx file contained a number of
individual files, one of which was a dat file which appears to be some
kind of binary:

$ unzip -v worddoc.docx
Archive:  worddoc.docx
 Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
--------  ------  ------- ---- ---------- ----- --------  ----
  431708  Defl:N    23231  95% 01-01-1980 00:00 93114f03  word/document.xml
     456  Stored      456   0% 01-01-1980 00:00 ffffffff  [trash]/0001.dat
    1260  Defl:N      594  53% 01-01-1980 00:00 077742eb  word/styles.xml
    2773  Defl:N      383  86% 01-01-1980 00:00 8f253e71
word/_rels/document.xml.rels
    1828  Defl:N      895  51% 01-01-1980 00:00 1b3daf6b  word/settings.xml
    3725  Defl:N      815  78% 01-01-1980 00:00 b3436cf6  word/header0.xml
    5374  Defl:N     1028  81% 01-01-1980 00:00 224280b5  word/footer1.xml
    1417  Stored     1417   0% 01-01-1980 00:00 c104c3ac  word/media/img4.png
     466  Defl:N      265  43% 01-01-1980 00:00 8a49f4b8  docProps/core.xml
   37373  Defl:N     1888  95% 01-01-1980 00:00 4e070882  word/numbering.xml
    1911  Defl:N      388  80% 01-01-1980 00:00 54a3c1b4  [Content_Types].xml
     219  Defl:S      144  34% 01-01-1980 00:00 236284bd  customXml/item1.xml
     296  Defl:S      194  35% 01-01-1980 00:00 7a393f74
customXml/_rels/item1.xml.rels
     201  Defl:S      181  10% 01-01-1980 00:00 1924afb2
customXml/itemProps2.xml
     187  Stored      187   0% 01-01-1980 00:00 ffffffff  [trash]/0000.dat
     201  Defl:S      183   9% 01-01-1980 00:00 aa497c34
customXml/itemProps1.xml
     296  Defl:S      195  34% 01-01-1980 00:00 2227965c
customXml/_rels/item2.xml.rels
    7888  Defl:S     1749  78% 01-01-1980 00:00 aea2f1f0  customXml/item2.xml
     290  Defl:S      193  33% 01-01-1980 00:00 c3438b7f  customXml/item3.xml
     201  Defl:S      181  10% 01-01-1980 00:00 5dbf88cf
customXml/itemProps3.xml
     522  Defl:S      301  42% 01-01-1980 00:00 4753451c  docProps/custom.xml
     296  Defl:S      195  34% 01-01-1980 00:00 a302f37b
customXml/_rels/item3.xml.rels
     595  Stored      595   0% 01-01-1980 00:00 c782df8d  _rels/.rels

$ file \[trash\]/0001.dat
[trash]/0001.dat: DOS executable (block device driver)

Is this normal for a docx file? I'm sure the original sender had no
idea this file contained a device driver. Is there something the
sender needs to do to avoid this in the future?

Is there some way to avoid this problem from happening again with
other docx files?

Thanks,
Alex

More information about the amavis-users mailing list