Excel protected workbook appears opaque to virus-scan?

S

sebthirlway

Hi

I've just developed an Excel workbook with VBA in it, which has been
sent as a questionnaire to c. 400 associates nationwide, as an email
attachment.

Some users are not receiving these emails, because the email scanning
software in their organisation is objecting to the file. Here's part
of a typical automated response from a firewall:

....has not been delivered as it has been classified as
containing encrypted data that cannot be checked using the current
automatic content analysis tools.

The thing is, the file is NOT encrypted. It's a normal .XLS (Excel
2000) file, with some VBA code in it. I've scanned it with McAfee
Viruscan Enterprise here at work, and with AVG at home, with no
problems detected.

The only thing I can imagine the security software objecting to is the
fact that the workbook and worksheets are "protected" with a password.
Now this is _not_ encryption: simply a cosmetic measure that prevents
users from changing certain features of the spreadsheet - anyone can
open the workbook and have a look at everything in it. (To repeat the
point: this is not a password-protected file, which requires a password
to be opened: workbook/worksheet protection is distinct from that).

The sheets are protected for a good reason: when they're filled in and
sent back, they're bulk-imported into a database: any change to the
structure of the spreadsheets would completely mess up the import code.

Has anyone come across a similar problem? Is what's happening maybe
not determined by the particular software these orgs are using, but by
some custom rule the mail-admins might have set up within it? Or does
Excel in fact encrypt .XLS files (or part of them) when you protect a
worksheet and/or workbook? But if it did, surely McAfee and AVG would
have objected to these files, which they don't. My copy of AVG was
last updated yesterday, and as far as I know I haven't customised it by
flicking a "be especially lenient towards .XLS files" switch - so why
are these firewalls rejecting the files?
(maybe I've got the wrong end of the stick on this last point -
corporate-scale email security would tend to be _more_ paranoid than me
as an individual, due to the volume of traffic it handles?).

I have no experience of corporate-scale email setups (except as a
user), so I'm a bit mystified how they work with regard to security.

I don't have a clear picture yet of exactly what software is being used
as the firewall (there are 35 different organisations to contact).
This just seems very strange.

thanks for any ideas


Seb
 
S

Somebody.

Hi

I've just developed an Excel workbook with VBA in it, which has been
sent as a questionnaire to c. 400 associates nationwide, as an email
attachment.

Some users are not receiving these emails, because the email scanning
software in their organisation is objecting to the file. Here's part
of a typical automated response from a firewall:

....has not been delivered as it has been classified as
containing encrypted data that cannot be checked using the current
automatic content analysis tools.
[/QUOTE]
[QUOTE]
I have no experience of corporate-scale email setups (except as a
user), so I'm a bit mystified how they work with regard to security.

I don't have a clear picture yet of exactly what software is being used
as the firewall (there are 35 different organisations to contact).
This just seems very strange.

thanks for any ideas


Seb[/QUOTE]

You're probably running afoul of several different solutions and there may
be no easy method. You might try posting the file on a website and asking
the user to hyperlink to download it, the http rules may be different from
smtp rules. Otherwise you'll need the fw admins to whitelist your domain or
your email address or something like that, to get the content through.
(which with 35 sites, would be no fun) Unless you can unprotect the content
sufficiently which it sounds like you don't want to do.

-Russ.
 
S

sebthirlway

Thanks for your replies.

We've already thought of putting the file on our corporate website -
nice to have it confirmed that http rules might be less restrictive.

Volker, unfortunately for me your statement "this is a social problem"
pretty much sums it up. I suspect that many of these orgs are running
Iron-Age security software, loaded up with rules to make the firewall
pretty much equivalent to a guy wearing a tinfoil beanie to prevent
thought-control.

I'll try the website option; thanks again for your comments.


Seb
 
B

Benno

I've just developed an Excel workbook with VBA in it, which has been
sent as a questionnaire to c. 400 associates nationwide, as an email
attachment.

Some users are not receiving these emails, because the email scanning
software in their organisation is objecting to the file.
The only thing I can imagine the security software objecting to is the
fact that the workbook and worksheets are "protected" with a password.
Now this is _not_ encryption: simply a cosmetic measure that prevents
users from changing certain features of the spreadsheet - anyone can
open the workbook and have a look at everything in it. (To repeat the
point: this is not a password-protected file, which requires a password
to be opened: workbook/worksheet protection is distinct from that).

The anti virus software or mail filters might not be 'smart' enough to
differentiate a read password from a write password and just block the
whole file outright (our Sophos/MailMarshal combo has this problem).

Remove the password altogether. You will still see emails getting
blocked on the VBA code however.
 
D

Duane Arnold

Benno said:
The anti virus software or mail filters might not be 'smart' enough to
differentiate a read password from a write password and just block the
whole file outright (our Sophos/MailMarshal combo has this problem).

Remove the password altogether. You will still see emails getting
blocked on the VBA code however.

I would agree with you here in that the AV mail filters are detecting
emails with VBA code in the attached file and is blocking the email as
part of the protection measures and has nothing to do with a FW.

Duane :)
 
S

Somebody.

Duane Arnold said:
I would agree with you here in that the AV mail filters are detecting
emails with VBA code in the attached file and is blocking the email as
part of the protection measures and has nothing to do with a FW.

Duane :)

Unless the FW is doing AV. Some do.

-Russ.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top