Rename .doc attachments to .docx and .xls to .xlsx
The .doc and .xls file formats are a major security risk, with many ransomware campaigns using Word macros as the attack vector.
Unfortunately we still get so many of these old-format files by email, that we can't very well ban them.
A very simple protection mechanism is to rename these attachments at the mailserver to *.docx and *.xlsx respectively.
This will not prevent the attachments from being opened in most versions of Microsoft Office or Open Office, but will prevent any embedded macros from running. Even if the user follows a (malicious) instruction in the document to turn off macro security, the macro will still not run if the extension is .docx.
Should be easy enough to accomplish in the content filter, by adding a 'change extension' or 'rename attachment' option.
Ian Macdonald
shared this idea
Hello,
Thanks for sharing your idea to rename office files to prevent macro execution. Unfortunately, in my testing, renaming a .doc file to .docx prevents MS Word from being able to open the file.
Thanks,
Arron
-
Ian Macdonald
commented
My understanding is that the .docx and .xlsx formats address the issue suffered by earlier formats where renamed files containing macros would be executed even if they had a seemingly-harmless extension.
The earlier .doc format was not supposed to be macro-capable, but an oversight in the systems design meant that a .dot renamed to .doc could contain an auto-execute macro. The same was true of a .dot renamed to .rtf.
I guess Microsoft would be the ones to confirm that .docx files can never execute macros.
Treating a file with a macro as a virus could lead to complications if it was legitimately sent. Renaming it does not prevent it from being read, but prevents the macro running until someone has OK'd it and renamed the file.
Anyway, just a suggestion.