MS Word Docs hosts security relevant metadata
Hi list, according to an article in the german computer-zine c't ms-word documents hosts security relevant metadata, as paths, hostnames, ip's and so on. If you send doc-data via email you'll provide a potential attacker with such information, that can be helpfull to compromise your network. So it seems to be a good idea to filter all outgoing mail with such attachments and convert automagically into pdf. ANY SUGGESTIONS ?!?
On Thu, 7 Feb 2002, Michael Appeldorn wrote:
according to an article in the german computer-zine c't ms-word documents hosts security relevant metadata, as paths, hostnames, ip's and so on.
Oh, well, this is known for years! And it's also known for years "Schnellspeicherung" [1] just creates a new document stream, which just means your Word file grows really big and you can see the different "revisions" of the Word document as it contains for each "revision" a own document stream.
So it seems to be a good idea to filter all outgoing mail with such attachments and convert automagically into pdf.
I'd suggest RTF here (real RTF files. Some macro viruses hook "save As" and just give the word document the extension RTF. Keep in mind, Windows/Word do not really care about the extions here). Probably antiword may do the job. But I'm not a fried of automatic stuff here. Such a filter is for me part of the MTA, and an MTA must not change the contant of any mail (otherwise it would violate RFC). Just my 0.02 cent. best regards, Rainer Link [1] Excuse my ignorance. I just do not recall, how this is called in english versions of Word. Probably "quick save"? -- Rainer Link | SuSE - The Linux Experts link@suse.de | Developer of A Mail Virus Scanner (www.amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
Rainer Link wrote:
I'd suggest RTF here (real RTF files. Some macro viruses hook "save As" and just give the word document the extension RTF. Keep in mind, Windows/Word do not really care about the extions here).
As stated in c't, RTF are still hosting metadata. Martin -- martin.peikert@discon.de Discon GmbH Internet Solutions Wrangelstrasse 100 http://www.discon.de/ 10997 Berlin, Germany
Am Donnerstag, 7. Februar 2002 12:48 schrieb Martin Peikert:
As stated in c't, RTF are still hosting metadata.
When created from within MS Word, yes they do. If you use a saner program for your work, they don't. (My guess) Peter
Peter Wiersig wrote:
Am Donnerstag, 7. Februar 2002 12:48 schrieb Martin Peikert:
As stated in c't, RTF are still hosting metadata.
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
Right: use vi and latex/pdftex/... and you won't get in trouble. Do _you_ want to tell that to all those MS-Word-users? Martin -- martin.peikert@discon.de Discon GmbH Internet Solutions Wrangelstrasse 100 http://www.discon.de/ 10997 Berlin, Germany
On Thu, Feb 07, 2002 at 01:46:29PM +0100, Martin Peikert wrote:
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
Right: use vi and latex/pdftex/... and you won't get in trouble.
Do _you_ want to tell that to all those MS-Word-users?
I think he was talking about the converter to be used on the mailserver. Regards, Albert
Am 07.02.2002 14:21:16, schrieb Albert Brandl
On Thu, Feb 07, 2002 at 01:46:29PM +0100, Martin Peikert wrote:
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
Right: use vi and latex/pdftex/... and you won't get in trouble.
Do _you_ want to tell that to all those MS-Word-users?
I think he was talking about the converter to be used on the mailserver.
Yep - any proposal ? Michael Appeldorn
Albert Brandl schrieb:
On Thu, Feb 07, 2002 at 01:46:29PM +0100, Martin Peikert wrote:
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
Right: use vi and latex/pdftex/... and you won't get in trouble.
Do _you_ want to tell that to all those MS-Word-users?
I think he was talking about the converter to be used on the mailserver.
Aha. You _think_. Does that mean: If he can not write down what he means in a way that even I can understand it then you need to tell me what he wanted to say because you know that better than me? Martin -- martin.peikert@discon.de Discon GmbH Internet Solutions Wrangelstrasse 100 http://www.discon.de/ 10997 Berlin, Germany
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
Right: use vi and latex/pdftex/... and you won't get in trouble.
Do _you_ want to tell that to all those MS-Word-users?
I think he was talking about the converter to be used on the mailserver.
Aha. You _think_. Does that mean: If he can not write down what he means in a way that even I can understand it then you need to tell me what he wanted to say because you know that better than me?
Me _THINK_ 2. Thatswhy i wrote in my initial question:
So it seems to be a good idea to filter all outgoing mail with such attachments and convert automagically into pdf.
Of course the MTA will do this jobs cauze it handles all the mails. Michael Appeldorn
Michael Appeldorn wrote:
Of course the MTA will do this jobs cauze it handles all the mails.
it's not the job of an MTA to convert attachments! MTA means Mail TRANSFER agent, not MMA (Mail Manipulation Agent) or so... -- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256 Junk mail is war. RFCs do not apply.
Of course the MTA will do this jobs cauze it handles all the mails.
it's not the job of an MTA to convert attachments! MTA means Mail TRANSFER agent, not MMA (Mail Manipulation Agent) or so...
Anyway - i did not ask 4 some terms, but for the possibility to modify/convert attachments before sending them out. Amavis e.g. sits somewhere in the transfer process of email and gets to see the attachments. But I wont to reinvent the wheel by trying to patch it to this function. (DOC->PDF via Ghostscript) Michael Appeldorn
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Michael, you could use MIMEdefang for this purpose, it integrates with sendmail by using the milter-API avaiable since versions 8.11 (sp?). URL: http://www.roaringpenguin.com/mimedefang/ It can do what you would like to achieve. Though modifying Mail clearly violates the RFC ;), using it on a carefully configured Border-Gateway (such as your internal SMTP-gateway for outgoing mail) will usually not cause too much problems. The point there really is that the MTA modifying the mail should be configured in a way to 1. not interfere with normal mail delivery processes and because of this needs to be careful when modifying messages (think of delivery/error notifications and possible mail-loops/mail-floods when not being very careful about which mails to modify and what to do in case of errors). cu, Tilman Am Donnerstag, 7. Februar 2002 16:01 schrieb Michael Appeldorn:
Anyway - i did not ask 4 some terms, but for the possibility to modify/convert attachments before sending them out.
Amavis e.g. sits somewhere in the transfer process of email and gets to see the attachments. But I wont to reinvent the wheel by trying to patch it to this function. (DOC->PDF via Ghostscript)
- -- Tilman Müller-Gerbes, Cologne/Germany E: tmg@saar.de, T: 0221/1206380, F: 0221/1206381 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8YpiMJcZx8ZxeDLURAjXMAJ0X4jQQ53mDwn5MgE+hZt5MC/mO+ACgnoN8 OibOQft8670zrmjDir/LGjE= =HJkq -----END PGP SIGNATURE-----
Hi! I think ;-) you want to convert docs to pdf? May be take a look at: antiword - http://freshmeat.net/projects/antiword/ There are some other tools, and one works with a mta to convert automaticaly all doc's to pdf. There was a article in german "linux Magazin" not so long ago, but i didn't found in the hurry. Wish you an successfully search! Christian Am Donnerstag, 7. Februar 2002 16:09 schrieb Tilman Mueller-Gerbes:
Hi Michael,
you could use MIMEdefang for this purpose, it integrates with sendmail by using the milter-API avaiable since versions 8.11 (sp?). URL: http://www.roaringpenguin.com/mimedefang/
It can do what you would like to achieve.
Though modifying Mail clearly violates the RFC ;), using it on a carefully configured Border-Gateway (such as your internal SMTP-gateway for outgoing mail) will usually not cause too much problems. The point there really is that the MTA modifying the mail should be configured in a way to 1. not interfere with normal mail delivery processes and because of this needs to be careful when modifying messages (think of delivery/error notifications and possible mail-loops/mail-floods when not being very careful about which mails to modify and what to do in case of errors).
cu, Tilman
Am Donnerstag, 7. Februar 2002 16:01 schrieb Michael Appeldorn:
Anyway - i did not ask 4 some terms, but for the possibility to modify/convert attachments before sending them out.
Amavis e.g. sits somewhere in the transfer process of email and gets to see the attachments. But I wont to reinvent the wheel by trying to patch it to this function. (DOC->PDF via Ghostscript)
-- Christian Uhde uhde@growler.de http://www.christian-uhde.de
Martin Peikert schrieb:
Albert Brandl schrieb:
On Thu, Feb 07, 2002 at 01:46:29PM +0100, Martin Peikert wrote:
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
Right: use vi and latex/pdftex/... and you won't get in trouble.
Do _you_ want to tell that to all those MS-Word-users?
I think he was talking about the converter to be used on the mailserver.
Aha. You _think_. Does that mean: If he can not write down what he means in a way that even I can understand it then you need to tell me what he wanted to say because you know that better than me?
Albert, please excuse my harsh answer. FYI: In a personal mail Albert told me that he wanted to invite the author (Peter Wiersig) of the original posting to clarify his email. Peter did that in a PM: If RTF-files would be generated with another engine than MS-Word then it would be possible that they wouldn't contain meta-data. Martin -- martin.peikert@discon.de Discon GmbH Internet Solutions Wrangelstrasse 100 http://www.discon.de/ 10997 Berlin, Germany
On Fri, Feb 08, 2002 at 11:22:46AM +0100, Martin Peikert wrote:
Albert, please excuse my harsh answer.
OK.
FYI: In a personal mail Albert told me that he wanted to invite the author (Peter Wiersig) of the original posting to clarify his email.
If I had waited for a day or so, this whole stuff would not have been necessary - next time I'll try to retain a bit longer :-) Regards, Albert
When created from within MS Word, yes they do.
If you use a saner program for your work, they don't. (My guess)
So - that was not the question. NEED to use MSWord. And so i want to convert outgoing email with word-attachments to email with pdf-attachments. ACK ? How2 ? :O) Michael Appeldorn
Hi there,
So - that was not the question. NEED to use MSWord. And so i want to convert outgoing email with word-attachments to email with pdf-attachments.
1.) Issue a company-wide policy, that ALL outgoing email traffic has to be PDF or plain-text only. 2.) Enforce this by blocking all other attachements on outgoing traffic, this is dependent on your MTA. 3.) Use something like http://doc2pdf.sourceforge.net/ or http://www.linuxgazette.com/issue72/bright.html if you don't want to provide all your users with a full Adobe Acrobat. Greetings, Sven Thomsen
I'd suggest RTF here (real RTF files. Some macro viruses hook "save As" and just give the word document the extension RTF. Keep in mind, Windows/Word do not really care about the extions here). Probably antiword may do the job. But I'm not a fried of automatic stuff here. Such a filter is for me part of the MTA, and an MTA must not change the contant of any mail (otherwise it would violate RFC).
RFC - Request for comments : That's my comment -> i would violate an RFC (who cares - it's my content in my email) to prevent somebody to violate my network :O)_ Michael Appeldorn
participants (9)
-
Albert Brandl
-
Christian Uhde
-
Martin Peikert
-
Michael Appeldorn
-
Peter Wiersig
-
Rainer Link
-
Sven Michels
-
Sven Thomsen
-
Tilman Mueller-Gerbes