How can you find out if xlsx and docx files are safe to open?

microsoft-excel security microsoft-word virus malware-detection
28,057

Solution 1

Macros cannot be saved in .xlsx files. Excel will refuse, and tell you to save it as an .xlsm file. If you save as .xlsm and then rename as .xlsx Excel will not open the file.

Assuming someone got around this restriction, then Excel will disable any macros found in an .xlsx file.

Solution 2

If this is not a trustworthy source, or if you are even a bit suspicious, the best action is to simply delete the email. Specially if this is information you have not requested, or is not part of a previous information, or it isn't vital information for you.

If you can contact the sender to confirm the authenticity of the file, do so. If possible, ask then to re-send the information as a text-file (even PDFs can have malware).

If you really need access to the information, and can't get it in a new format, here's what I'd do:

  • Check for malware on http://virustotal.com, it will check the files against 40 diferent antiviruses. You have already taken this step, that's great.
  • Either (1) Boot from a Linux live CD (ie, Ubuntu), open the file on LibreOffice, remove the macros and export to a new file (possibly in a different, safer format)
  • or (2) open the file on Google Docs and export to a new file (possibly in a different, safer format)

Solution 3

I do site IT support for a manufacturing plant, and I can tell you that sending Word and Excel documents to employees of another company is not common place, especially for sharing tips. I get these sorts of emails all the time and the tips are always contained within the email, included in a PDF, or a link to a page on their company web-site.

Within the organization, this is a different matter. Users within the organization often share Word and Excel files through email.

Sending zipped files on the other hand is common place both inside and outside of the organization. It's also 50%/50% on whether it's spam or not. The users I support forward me emails they received to determine if they were spam or not, and zipped files often accompany the spam emails. On the other hand, they frequently contact me for help when they receive ligitimate emails that contain zipped files or need to send one with a zip file. Often organizations have limits on the size of the emails they can send or receive and the users opt for zipping the files when they exceed those limits. But again, when companies send emails to share tips, I have never seen this.


Side Note: This is just my experience, but anytime a company (any company, not just an IT company) has to contact you first, they aren't very good at what they do and you should avoid them. When a company is good at what they do, the customers will come to them.

Solution 4

First rule would be to NEVER open unsolicited email attachments. It is simply extremely bad security practice. If you send me something suspicious like that and I don't know you, I'll tend to automatically blacklist you.

As far as formats, I normally see most companies use Adobe PDF for whitepapers. I can't remember the last time I saw whitepapers in raw Office format. It used to be that due to the macro issue, you only opened such files from trusted sources and even then disabled macros first. Another reasons you don't see that today is the metadata in the files can lead to embarrassing disclosures. (Which PDF isn't immune to! Something to keep in mind.)

Share:
28,057
fightermagethief
Author by

fightermagethief

Please support my art and writing. It is free, but donations are appreciated. http://www.fightermagethief.blogspot.com

Updated on September 18, 2022

Comments

  • fightermagethief
    fightermagethief almost 2 years

    I have received an email from a not entirely trustworthy source, it might be legit but I'm not really sure. It contains, among other things, information on a .docx Microsoft Word file and a .xlsx Microsoft Excel file.

    I have already scanned the files on http://virustotal.com and no viruses have been found, but I also read that macros can exist in the xml or zipped portion of the files themselves.

    I am seeking ideas about pinpointing potential malicious intent, such as finding macros.

    • Ramhound
      Ramhound almost 11 years
      Sounds like she should ignore this contact and delete the file.
    • fightermagethief
      fightermagethief almost 11 years
      @vasa1 I assumed anyone working in even SEO would consider it unprofessional to use proprietary stuff unless it was requested. I even used a similar phrase when speaking to her, that I realize most people use docx and xlsx without even realizing alternatives, but pros? I guess I am searching for input from people in this or similar industries, and also maybe a definite way of finding malicious intent in the files.
    • spuder
      spuder almost 11 years
      If this is from someone in the health industry, then they may have HIPPA regulations they need to follow.
    • Thalys
      Thalys almost 11 years
      I personally don't consider SEO to be part of the proper IT community - I've just seen so much crap. If you create a resource thats actually useful, it tends to get attention. Just so many red flags here, to me.
    • Luke Sawczak
      Luke Sawczak almost 5 years
      One more option, depending on the nature of the privacy needed and the type of content you need to extract, is to use an online conversion service to turn it into a text-only or otherwise less risky format.
  • fightermagethief
    fightermagethief almost 11 years
    I agree with you and was hesitant to post here for these reasons. Do you know of a more proper arena for this type of problem? I run into issues similar to this occasionally and, because no one is really concerned with the prevention of fraud, they tend to go unnoticed or unanswered which I feel makes it such a lucrative 'business'. Also, at least part of my question would have a definite, technical answer: How do you ascertain the safety of such files?
  • That Brazilian Guy
    That Brazilian Guy almost 11 years
    Your question can be divided in (at least!) three: (1) effectiveness of SEO, (2) If it is common for companies to send information on proprietary file formats, and (3) how to detect malware on attached files on email. MAYBE you could ask the first two on quora.com, only the last question belongs here, and even then it can be phrased as "How do I ensure attached files received via email are malware-free", or something almost as short. In fact, I'm suggesting a rewrite, if you like it please accept.
  • nixda
    nixda over 10 years
    +1 That is the correct answer. Note that also .xlsb and the old .xls format can contain macros.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to get rid of eval-base64_decode like PHP virus files?
Protect website from Backdoor/PHP.C99Shell aka Trojan.Script.224490
How to design table in MS Excel or MS Word with varying cell sizes?
Double Sided Flash Cards from Excel Document
insert Excel sheet in Word 2003 and keep formula?
Is there any virus that affects Excel contents?
Should I be worry after opening suspicious Email attachment?
Auto Sequential numbering based on cell criteria - create two independent automatic numbering sequences
Adjust decimal separator in imported charts
How to have sequential numbers keep writing themselves?