Excel protected workbook appears opaque to virus-scan?

Hi

I've just developed an Excel workbook with VBA in it, which has been sent as a questionnaire to c. 400 associates nationwide, as an email attachment.

Some users are not receiving these emails, because the email scanning software in their organisation is objecting to the file. Here's part of a typical automated response from a firewall:

[email]....has not been delivered as it has been classified as containing encrypted data that cannot be checked using the current automatic content analysis tools.

The thing is, the file is NOT encrypted. It's a normal .XLS (Excel 2000) file, with some VBA code in it. I've scanned it with McAfee Viruscan Enterprise here at work, and with AVG at home, with no problems detected.

The only thing I can imagine the security software objecting to is the fact that the workbook and worksheets are "protected" with a password. Now this is _not_ encryption: simply a cosmetic measure that prevents users from changing certain features of the spreadsheet - anyone can open the workbook and have a look at everything in it. (To repeat the point: this is not a password-protected file, which requires a password to be opened: workbook/worksheet protection is distinct from that).

The sheets are protected for a good reason: when they're filled in and sent back, they're bulk-imported into a database: any change to the structure of the spreadsheets would completely mess up the import code.

Has anyone come across a similar problem? Is what's happening maybe not determined by the particular software these orgs are using, but by some custom rule the mail-admins might have set up within it? Or does Excel in fact encrypt .XLS files (or part of them) when you protect a worksheet and/or workbook? But if it did, surely McAfee and AVG would have objected to these files, which they don't. My copy of AVG was last updated yesterday, and as far as I know I haven't customised it by flicking a "be especially lenient towards .XLS files" switch - so why are these firewalls rejecting the files? (maybe I've got the wrong end of the stick on this last point - corporate-scale email security would tend to be _more_ paranoid than me as an individual, due to the volume of traffic it handles?).

I have no experience of corporate-scale email setups (except as a user), so I'm a bit mystified how they work with regard to security.

I don't have a clear picture yet of exactly what software is being used as the firewall (there are 35 different organisations to contact). This just seems very strange.

thanks for any ideas

Seb

sebthirlway

In comp.security.firewalls snipped-for-privacy@hotmail.com wrote: [sending Excel sheets via E-Mail]

Unfortunately, many mail setups in the wild are braindead. Usually, people don't understand the problems, and so they don't understand how to solve them. But all are scared of malware now, especially those who are using Microsoft Windows.

I think this is the reason for your problems. And because this is a social problem, I'm afraid to tell you that there is no simple solution for it.

Yours, VB.

Volker Birk

You're probably running afoul of several different solutions, and there may be no easy method. You might try posting the file on a website and asking the user to hyperlink to download it; the HTTP rules may be different from SMTP rules. Otherwise you'll need the FW admins to whitelist your domain or your email address or something like that, to get the content through (which, with 35 sites, would be no fun). Unless you can unprotect the content sufficiently, which it sounds like you don't want to do.

-Russ.

Somebody.

Thanks for your replies.

We've already thought of putting the file on our corporate website - nice to have it confirmed that http rules might be less restrictive.

Volker, unfortunately for me your statement "this is a social problem" pretty much sums it up. I suspect that many of these orgs are running Iron-Age security software, loaded up with rules to make the firewall pretty much equivalent to a guy wearing a tinfoil beanie to prevent thought-control.

I'll try the website option; thanks again for your comments.

Seb

sebthirlway

The anti virus software or mail filters might not be 'smart' enough to differentiate a read password from a write password and just block the whole file outright (our Sophos/MailMarshal combo has this problem).

Remove the password altogether. You will still see emails getting blocked on the VBA code however.

Benno
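
Benno's point about filters that cannot tell one kind of password from another, as an added example (not code from any poster or from a mail-filter product): a scanner that walks the BIFF8 records of an .XLS workbook stream and reports "encrypted" as soon as it meets a FILEPASS record. Excel 97-2003 writes FILEPASS for a password to open and also when workbook-structure protection carries a password (the stream is then encrypted with a fixed default password), so the two cases look the same at this level. It assumes the Workbook stream has already been extracted from the OLE2 container; `classify`, `rec` and the sample byte strings are constructed for illustration.

```python
import struct

# BIFF8 record types from the MS-XLS format
BOF, EOF = 0x0809, 0x000A
FILEPASS = 0x002F  # stream is encrypted or XOR-obfuscated
PROTECT = 0x0012   # lock flag (structure/windows/sheet)
PASSWORD = 0x0013  # 16-bit verifier of the protection password

def iter_records(stream: bytes):
    """Yield (type, body) per record; record headers are never encrypted."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, size = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + size]
        if len(body) < size:
            raise ValueError(f"truncated record 0x{rtype:04X} at offset {pos}")
        yield rtype, body
        pos += 4 + size

def classify(stream: bytes) -> dict:
    """Inspect the workbook-globals substream for encryption and lock records."""
    records = iter_records(stream)
    first = next(records, None)
    if first is None or first[0] != BOF:
        raise ValueError("not a BIFF8 workbook stream (no leading BOF)")
    out = {"encrypted": False, "locked": False, "has_lock_password": False}
    for rtype, body in records:
        if rtype == EOF:
            break
        if rtype == FILEPASS:
            # Bodies after FILEPASS are ciphertext: lock state is unreadable
            return {"encrypted": True, "locked": None, "has_lock_password": None}
        if rtype in (PROTECT, PASSWORD) and len(body) >= 2:
            key = "locked" if rtype == PROTECT else "has_lock_password"
            out[key] = struct.unpack_from("<H", body)[0] != 0
    return out

def rec(rtype: int, body: bytes = b"") -> bytes:
    """Build one record for the constructed samples below."""
    return struct.pack("<HH", rtype, len(body)) + body

# Constructed sample streams, not bytes from a real workbook
BOF_REC = rec(BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))
SAMPLE_LOCKED = BOF_REC + rec(PROTECT, b"\x01\x00") + rec(PASSWORD, b"\x3c\xcb") + rec(EOF)
SAMPLE_FILEPASS = BOF_REC + rec(FILEPASS, b"\x01\x00" + bytes(52)) + rec(PROTECT, b"\x9a\x41") + rec(EOF)

if __name__ == "__main__":
    print(classify(SAMPLE_LOCKED))
    print(classify(SAMPLE_FILEPASS))
```

A filter that stops at the FILEPASS verdict has nothing left to scan, which matches the "cannot be checked" wording of the bounce message quoted in the first post.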

I would agree with you here in that the AV mail filters are detecting emails with VBA code in the attached file and are blocking the email as part of the protection measures, and it has nothing to do with a FW.

Duane :)

Duane Arnold

Unless the FW is doing AV. Some do.

-Russ.

Somebody.
