Executables within docx files?

Alexander Wirt via amavis-users amavis-users at amavis.org
Wed Sep 4 10:05:01 CEST 2013 

Alex via amavis-users schrieb am Tuesday, den 03. September 2013:

> Hi,
> 
> We had a complaint from a user that an email with a .docx file was
> rejected. We have an amavisd policy where .exe binaries are rejected.
> 
> Upon further inspection, the docx file contained a number of
> individual files, one of which was a dat file which appears to be some
> kind of binary:
> 
> $ unzip -v worddoc.docx
> Archive:  worddoc.docx
>  Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
> --------  ------  ------- ---- ---------- ----- --------  ----
>   431708  Defl:N    23231  95% 01-01-1980 00:00 93114f03  word/document.xml
>      456  Stored      456   0% 01-01-1980 00:00 ffffffff  [trash]/0001.dat
>     1260  Defl:N      594  53% 01-01-1980 00:00 077742eb  word/styles.xml
>     2773  Defl:N      383  86% 01-01-1980 00:00 8f253e71
> word/_rels/document.xml.rels
>     1828  Defl:N      895  51% 01-01-1980 00:00 1b3daf6b  word/settings.xml
>     3725  Defl:N      815  78% 01-01-1980 00:00 b3436cf6  word/header0.xml
>     5374  Defl:N     1028  81% 01-01-1980 00:00 224280b5  word/footer1.xml
>     1417  Stored     1417   0% 01-01-1980 00:00 c104c3ac  word/media/img4.png
>      466  Defl:N      265  43% 01-01-1980 00:00 8a49f4b8  docProps/core.xml
>    37373  Defl:N     1888  95% 01-01-1980 00:00 4e070882  word/numbering.xml
>     1911  Defl:N      388  80% 01-01-1980 00:00 54a3c1b4  [Content_Types].xml
>      219  Defl:S      144  34% 01-01-1980 00:00 236284bd  customXml/item1.xml
>      296  Defl:S      194  35% 01-01-1980 00:00 7a393f74
> customXml/_rels/item1.xml.rels
>      201  Defl:S      181  10% 01-01-1980 00:00 1924afb2
> customXml/itemProps2.xml
>      187  Stored      187   0% 01-01-1980 00:00 ffffffff  [trash]/0000.dat
>      201  Defl:S      183   9% 01-01-1980 00:00 aa497c34
> customXml/itemProps1.xml
>      296  Defl:S      195  34% 01-01-1980 00:00 2227965c
> customXml/_rels/item2.xml.rels
>     7888  Defl:S     1749  78% 01-01-1980 00:00 aea2f1f0  customXml/item2.xml
>      290  Defl:S      193  33% 01-01-1980 00:00 c3438b7f  customXml/item3.xml
>      201  Defl:S      181  10% 01-01-1980 00:00 5dbf88cf
> customXml/itemProps3.xml
>      522  Defl:S      301  42% 01-01-1980 00:00 4753451c  docProps/custom.xml
>      296  Defl:S      195  34% 01-01-1980 00:00 a302f37b
> customXml/_rels/item3.xml.rels
>      595  Stored      595   0% 01-01-1980 00:00 c782df8d  _rels/.rels
> 
> $ file \[trash\]/0001.dat
> [trash]/0001.dat: DOS executable (block device driver)
> 
> Is this normal for a docx file? I'm sure the original sender had no
> idea this file contained a device driver. Is there something the
> sender needs to do to avoid this in the future?
> 
> Is there some way to avoid this problem from happening again with
> other docx files?
See http://bugs.gw.com/view.php?id=277

Alex
-- 
Alexander Wirt, formorer at formorer.de 
CC99 2DDD D39E 75B0 B0AA  B25C D35B BC99 BC7D 020A

More information about the amavis-users mailing list