topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:07 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: How to check xlsx files for malicious macros or virus  (Read 19204 times)

kalos

  • Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,823
    • View Profile
    • Donate to Member
How to check xlsx files for malicious macros or virus
« on: February 17, 2018, 11:48 AM »
Hello!

I got today a response from a job ad I applied and they sent me an xlsx file to test my Excel skills.

This sounds a bit dodgy to be honest and I am reluctant to open it. However, I scanned it with VirusTotal.com and no virus was found from all engines.

However, are these virus engines able to detect malicious stuff in a xlsx file, such as macros etc?

They also told me not to distribute the file because it's a 'test' so I cannot really upload it here.

Any advice?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: How to check xlsx files for malicious macros or virus
« Reply #1 on: February 17, 2018, 08:16 PM »
There are a couple of approaches to handling such files that you don't trust:

1. User a virtual machine to open and test it and work on it
2. Use a 3d party tool to open it instead of using microsoft office (like an online service or a 3rd party office compatible tool)
3. Turn off macros/scripts in excel until you are sure you trust it.

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: How to check xlsx files for malicious macros or virus
« Reply #2 on: February 18, 2018, 01:02 AM »
as long as it is actually an xlsx you wont have a problem - XLSX files can't hold macro's (they need to be in XLSM format)

as to how you confirm that I couldn't say, though excel is pretty good about highlighting files it thinks aren't in the expected format

ConstanceJill

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 205
    • View Profile
    • Donate to Member
Re: How to check xlsx files for malicious macros or virus
« Reply #3 on: February 18, 2018, 06:00 AM »
Hi ^^

Just like other Office 2007 files, .xlsx files are just .zip files, so you can explore the contents with 7-zip or another archiver, and have a look at the .xml files inside with Notepad++ or other text editor of your choice.

As Target mentionned, they shouldn't contain any macro though.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: How to check xlsx files for malicious macros or virus
« Reply #4 on: February 18, 2018, 10:04 AM »
Can't find it at the moment, but one of the hacking news sites had an article on hostel code that could be embedded in xlsx files, and a bunch of other types of MS Office document.

Bottom line, low-tech is best tech ...(because AV scanners miss stuff all the time)... Just contact them and ask if the file was sent intentionally.

This policy is mandatory at our office with any unsolicited attachments.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: How to check xlsx files for malicious macros or virus
« Reply #5 on: March 03, 2018, 09:33 AM »
Use a disposable Google account and upload it there, to open in Google Sheets. You can view it there, without any sort of Excel specific macros causing potential problems to your system.  And even if it does cause a problem, it would likely be limited to that specific Google account (not your machine), which would be a throw away account, just for that very reason.

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: How to check xlsx files for malicious macros or virus
« Reply #6 on: March 03, 2018, 11:19 AM »
Apparently even CSV files (!) can be vectors for an exploit: http://georgemauer.n...7/csv-injection.html

I find that having a Linux VM to open files I don't trust (Office docs, PDFs, etc) keeps my mind at ease.  VirtualBox is free and will work great for this.  It's not necessarily completely fool proof (I imagine that even OpenOffice could be have some vulnerability), but I figure it would sandbox things well enough.