Hi
I've just developed an Excel workbook with VBA in it, which has been sent as a questionnaire to c. 400 associates nationwide, as an email attachment.
Some users are not receiving these emails, because the email scanning software in their organisation is objecting to the file. Here's part of a typical automated response from a firewall:
[email]....has not been delivered as it has been classified as containing encrypted data that cannot be checked using the current automatic content analysis tools.The thing is, the file is NOT encrypted. It's a normal .XLS (Excel
2000) file, with some VBA code in it. I've scanned it with McAfee Viruscan Enterprise here at work, and with AVG at home, with no problems detected.The only thing I can imagine the security software objecting to is the fact that the workbook and worksheets are "protected" with a password. Now this is _not_ encryption: simply a cosmetic measure that prevents users from changing certain features of the spreadsheet - anyone can open the workbook and have a look at everything in it. (To repeat the point: this is not a password-protected file, which requires a password to be opened: workbook/worksheet protection is distinct from that).
The sheets are protected for a good reason: when they're filled in and sent back, they're bulk-imported into a database: any change to the structure of the spreadsheets would completely mess up the import code.
Has anyone come across a similar problem? Is what's happening maybe not determined by the particular software these orgs are using, but by some custom rule the mail-admins might have set up within it? Or does Excel in fact encrypt .XLS files (or part of them) when you protect a worksheet and/or workbook? But if it did, surely McAfee and AVG would have objected to these files, which they don't. My copy of AVG was last updated yesterday, and as far as I know I haven't customised it by flicking a "be especially lenient towards .XLS files" switch - so why are these firewalls rejecting the files? (maybe I've got the wrong end of the stick on this last point - corporate-scale email security would tend to be _more_ paranoid than me as an individual, due to the volume of traffic it handles?).
I have no experience of corporate-scale email setups (except as a user), so I'm a bit mystified how they work with regard to security.
I don't have a clear picture yet of exactly what software is being used as the firewall (there are 35 different organisations to contact). This just seems very strange.
thanks for any ideas
Seb