Thread: embedded object in word

    embedded object in word

    we have blocked zip files on our email server using commercial email scanners.
    recently, i have used object packager and embed an object (zip file) in a word document (word docs are not blocked) and the email scanners did not detect the zip file in the word document.
    are there ways, besides removing the object packager or installing other email scanners that can do the job, can we detect zip files embedded in word documents?

    I don't know the answer. However, I do realise that Word documents can even be more harmful than ZIP files, if you receive them through email. Why? Because Word documents allow the execution of scripts that are contained within the document. And a careless user might activate a damaging script that way.

    So I am amazed that you consider ZIP files to be more dangerous than Word files. Especially since many virusscanners are able to scan the contents of a ZIP file, yet most have problems with the contents of Word documents. Both are dangerous, btw. Then again, every email user should be aware that they should not open ANY attachment that they receive from someone whom they don't know. (And if they're smart, they don't even open attachments from people whom they do know, if they haven't asked for these attachments!)

    A good, secure system starts with the proper education of it's users. And whomever refuses to learn proper security measures is just a security hazard.

    the email scanners did not detect the zip file in the word document.
    They wouldn't, I would bet that they are only checking for attachments, so any crap embedded in a Word document will get through. Katja is quite right with her warning.

    Check your scanning application settings. You might even need to get a more functional one. You need to scan for objects inside Word and Excel documents. You also need to scan for executables of any type.

    If you're not permitted to block word documents, you may as well
    just surrender to the inevitable. The irresistable convenience
    of a popular format will trump security every time.
