Excel protected workbook appears opaque to virus-scan?

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hi

I've just developed an Excel workbook with VBA in it, which has been
sent as a questionnaire to c. 400 associates nationwide, as an email
attachment.

Some users are not receiving these emails, because the email scanning
software in their organisation is objecting to the file.  Here's part
of a typical automated response from a firewall:

[email]....has not been delivered as it has been classified as
containing encrypted data that cannot be checked using the current
automatic content analysis tools.

The thing is, the file is NOT encrypted.  It's a normal .XLS (Excel
2000) file, with some VBA code in it.  I've scanned it with McAfee
Viruscan Enterprise here at work, and with AVG at home, with no
problems detected.

The only thing I can imagine the security software objecting to is the
fact that the workbook and worksheets are "protected" with a password.
Now this is _not_ encryption: simply a cosmetic measure that prevents
users from changing certain features of the spreadsheet - anyone can
open the workbook and have a look at everything in it.  (To repeat the
point: this is not a password-protected file, which requires a password
to be opened: workbook/worksheet protection is distinct from that).

The sheets are protected for a good reason: when they're filled in and
sent back, they're bulk-imported into a database: any change to the
structure of the spreadsheets would completely mess up the import code.

Has anyone come across a similar problem?  Is what's happening maybe
not determined by the particular software these orgs are using, but by
some custom rule the mail-admins might have set up within it? Or does
Excel in fact encrypt .XLS files (or part of them) when you protect a
worksheet and/or workbook?  But if it did, surely McAfee and AVG would
have objected to these files, which they don't.  My copy of AVG was
last updated yesterday, and as far as I know I haven't customised it by
flicking a "be especially lenient towards .XLS files" switch - so why
are these firewalls rejecting the files?
(maybe I've got the wrong end of the stick on this last point -
corporate-scale email security would tend to be _more_ paranoid than me
as an individual, due to the volume of traffic it handles?).

I have no experience of corporate-scale email setups (except as a
user), so I'm a bit mystified how they work with regard to security.

I don't have a clear picture yet of exactly what software is being used
as the firewall (there are 35 different organisations to contact).
This just seems very strange.

thanks for any ideas


Seb


Re: Excel protected workbook appears opaque to virus-scan?
In comp.security.firewalls sebthirlway@hotmail.com wrote:
[sending Excel sheets via E-Mail]
Quoted text here. Click to load it

Unfortunately, many mail setups in the wild are braindead. Usually, people
don't understand the problems, and for this they don't understand how
to solve them. But all are scared of malware now, especially those who
are using Microsoft Windows.

I think this is the reason for your problems. And because this is a social
problem, I'm afraid to tell you, that there is no simple solution for it.

Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain

Excel protected workbook appears opaque to virus-scan?
Hi

I've just developed an Excel workbook with VBA in it, which has been
sent as a questionnaire to c. 400 associates nationwide, as an email
attachment.

Some users are not receiving these emails, because the email scanning
software in their organisation is objecting to the file.  Here's part
of a typical automated response from a firewall:

[email]....has not been delivered as it has been classified as
containing encrypted data that cannot be checked using the current
automatic content analysis tools.

The thing is, the file is NOT encrypted.  It's a normal .XLS (Excel
2000) file, with some VBA code in it.  I've scanned it with McAfee
Viruscan Enterprise here at work, and with AVG at home, with no
problems detected.

The only thing I can imagine the security software objecting to is the
fact that the workbook and worksheets are "protected" with a password.
Now this is _not_ encryption: simply a cosmetic measure that prevents
users from changing certain features of the spreadsheet - anyone can
open the workbook and have a look at everything in it.  (To repeat the
point: this is not a password-protected file, which requires a password
to be opened: workbook/worksheet protection is distinct from that).

The sheets are protected for a good reason: when they're filled in and
sent back, they're bulk-imported into a database: any change to the
structure of the spreadsheets would completely mess up the import code.

Has anyone come across a similar problem?  Is what's happening maybe
not determined by the particular software these orgs are using, but by
some custom rule the mail-admins might have set up within it? Or does
Excel in fact encrypt .XLS files (or part of them) when you protect a
worksheet and/or workbook?  But if it did, surely McAfee and AVG would
have objected to these files, which they don't.  My copy of AVG was
last updated yesterday, and as far as I know I haven't customised it by
flicking a "be especially lenient towards .XLS files" switch - so why
are these firewalls rejecting the files?
(maybe I've got the wrong end of the stick on this last point -
corporate-scale email security would tend to be _more_ paranoid than me
as an individual, due to the volume of traffic it handles?).

I have no experience of corporate-scale email setups (except as a
user), so I'm a bit mystified how they work with regard to security.

I don't have a clear picture yet of exactly what software is being used
as the firewall (there are 35 different organisations to contact).
This just seems very strange.

thanks for any ideas


Seb


Re: Excel protected workbook appears opaque to virus-scan?

Quoted text here. Click to load it
<snip>

Quoted text here. Click to load it

You're probably running afoul of several different solutions and there may
be no easy method.  You might try posting the file on a website and asking
the user to hyperlink to download it, the http rules may be different from
smtp rules.  Otherwise you'll need the fw admins to whitelist your domain or
your email address or something like that, to get the content through.
(which with 35 sites, would be no fun)  Unless you can unprotect the content
sufficiently which it sounds like you don't want to do.

-Russ.



Re: Excel protected workbook appears opaque to virus-scan?
Thanks for your replies.

We've already thought of putting the file on our corporate website -
nice to have it confirmed that http rules might be less restrictive.

Volker, unfortunately for me your statement "this is a social problem"
pretty much sums it up.  I suspect that many of these orgs are running
Iron-Age security software, loaded up with rules to make the firewall
pretty much equivalent to a guy wearing a tinfoil beanie to prevent
thought-control.

I'll try the website option; thanks again for your comments.


Seb


Re: Excel protected workbook appears opaque to virus-scan?
sebthirlway@hotmail.com wrote:

Quoted text here. Click to load it


The anti virus software or mail filters might not be 'smart' enough to
differentiate a read password from a write password and just block the
whole file outright (our Sophos/MailMarshal combo has this problem).

Remove the password altogether. You will still see emails getting
blocked on the VBA code however.

Re: Excel protected workbook appears opaque to virus-scan?
Benno wrote:
Quoted text here. Click to load it

I would agree with you here in that the AV mail filters are detecting
emails with VBA code in the attached file and is blocking the email as
part of the protection measures and has nothing to do with a FW.

Duane :)

Re: Excel protected workbook appears opaque to virus-scan?

Quoted text here. Click to load it

Unless the FW is doing AV.  Some do.

-Russ.



Site Timeline