[Esd-l] macro scanner: defang instead of refuse

Scott Taylor scott at dctchambers.com
Mon Jun 3 11:03:01 PDT 2002


At 10:20 AM 03/06/2002, you wrote:
>On Mon, 2002-06-03 at 09:25, Scott Taylor wrote:
>
>We're working on tracking down the culprit.

That's the only way I know how.  Go get'um. :)

>Somewhere I read that some "cleaners" leave the deactivated virus in
>Office so its remnants show up in all future files. (Anyone know where I
>read this?)

I would suggest a manual cleaning or a low level cleaning, then send M$ the 
bill for all the trouble they caused with this macro thing.  I know, they 
wouldn't pay it, but at least you'd have the satisfaction of saying you 
billed them.

>  I'd guess it's sitting in a template file and gets inserted
>into all docs created. Would this affect files originated on another
>system? Ie. can we narrow this down to the original author of the
>document?

Once, I spent weeks cleaning up a bunch of networked M$ workstations 
because of an infected normal.dot file, it was very lucrative, thanks again 
to M$, but sorry for the company that had to pay me.  However, thanks to 
Postfix and Procmail, and educating the upper management, they no longer 
have this problem.  Now they only pay me a few bux/yr for keeping them 
up-to-date.  Other companies are not so smart, and don't learn very well, 
so I continue to make money from their stupidity.

If everyone running a mail server ran Procmail, this wouldn't be a problem.

If nobody used MS Word or at least everybody that does paid attention and 
enabled Macro Protection, then this wouldn't be a problem.  Then we 
probably wouldn't have jobs because this would be a perfect world and 
nothing would break for us to fix.

>I wonder if OpenOffice has separate command line converters that could
>be run inline to do the doc-rtf-doc conversion before it hits the user's
>mailbox?

What a great idea.  Maybe you should join the cause and write such a kewl 
tool. ;)

>Has anyone worked out a better way than email to share documents between
>groups, esp. when the composition of the groups is constantly changing?
>Windows shares are the first thing that comes to mind, but I fear
>managing the group memberships would become prohibitive as the
>membership changes frequently. IMO that's why email is so popular for
>file sharing.

There are many B2B ways to share data over the Internet, but most companies 
find them cumbersome and/or expensive to build.  Email is an easy 
alternative and not a bad solution, as long as the mail administrator uses 
strict security policies and doesn't allow bad files through (including 
Word and Excel, It would be best if nobody shared M$ Office documents).

Educating users is the only way.  Now find me a user that is willing to learn.

Scott.



More information about the esd-l mailing list