template questions

[Guest]

A consultant created a Word template for my client. It includes a logo image
and several Text Form Fields (you click on the grey highlighted text and the
entire text is selected to be replaced with what you type). My client has one
of their customers who cannot open docs based on this template so I'm
investigating. The open either generates a "this document contains a virus"
error or the open simply hangs and it does this for all recipients at that
customer.

How are these "fields" created in Word? I'm wondering if the resulting doc
contains a macro? Is there a way I can see the doc in Raw mode ?

Thanks for any clues here.

 

[Graham Mayor]

Given that there is no virus checking in Word, I would look first at an
over-enthusiastic virus checking software on your client's PC.

--
<>>< ><<> ><<> <>>< ><<> <>>< <>><<>
Graham Mayor - Word MVP

My web site www.gmayor.com

<>>< ><<> ><<> <>>< ><<> <>>< <>><<>

 

[Guest]

over enthusiastic or not, the mail is being rejected by the security
infrastructure of a fortune 500 company. Something in the Word document is
triggering the AV scanner to reject it. It only happens with documents
created from a temploate with Text Form Fields. I would like to find out what
is different about this kind of resulting document to see if there is a
workaround.

M.

 

[Graham Mayor]

Just because the company is successful doesn't mean that its AV software is
any good or that its security is well configured. It merely means that there
will be some jobsworth in charge of IT support who is going to be hard to
convinvce that what they are doing is inappropriate. There should be no
reason to virus check each document as it is opened, and to that end most
users turn off such checking. In particular Norton AV is notorious for
getting in the way and its Office Plug-in should be turned off.

--
<>>< ><<> ><<> <>>< ><<> <>>< <>><<>
Graham Mayor - Word MVP

My web site www.gmayor.com

<>>< ><<> ><<> <>>< ><<> <>>< <>><<>

 

[Guest]

Well, that might be good advice if Word didn't allow malicios macro and VB
script execution. I know Microsoft has security fixes out but that jobsworth
can't be sure they're installed on every pc on the network, so he probably
has some corporate version of AV with policy set to prohibit execution if
document is opened off the net.

I would just like more information on what the difference is between the
guts of two documents, the ones that open successfully and the ones that are
created with text form fields and fail.

 

[Beth Melton]

While the idea is good, if only Word (or Microsoft) didn't allow malicious
macro and VB script execution, how would they determine what is malicious
and what isn't?

For example I develop custom solutions a procedure in one solution deleted
all files from a specific folder (it moves them to another folder first) and
there are others that delete specific files. This code is fine and it isn't
malicious - it's what my client wants. I could create a similar macro, place
it in a document, email it to you, and upon opening the document it would
delete all files in your My Documents folder or delete other files. Now, of
course this macro would be malicious. However the only difference is the
intent of the macro - not the code contained in the macro. So the biggest
issue is intent. If a computer could determine intent then this
long-standing problem would have been fixed years ago.

Please post all follow-up questions to the newsgroup. Requests for
assistance by email cannot be acknowledged.

~~~~~~~~~~~~~~~
Beth Melton
Microsoft Office MVP

Coauthor of Word 2007 Inside Out:
http://www.microsoft.com/MSPress/books/9801.aspx#AboutTheBook

Word FAQ: http://mvps.org/word
TechTrax eZine: http://mousetrax.com/techtrax/
MVP FAQ site: http://mvps.org/

 

[Beth Melton]

If the document contains only Word form fields, those added using the Forms
toolbar and not the Control Toolbox, then it shouldn't contain any macros
and pass macro security with flying colors.

From what you describe, it does sound like the client is using Norton AV and
the "Enable Office Plug-in" option is turned on. As Graham noted in another
post in this thread, this option is notorious at thinking perfectly fine
files contain a virus (when there is only text in the file) and prevents you
from opening them. I'd enquire about their virus scanner. If that is the
problem then it's likely your files aren't the only ones they are unable to
open.

Please post all follow-up questions to the newsgroup. Requests for
assistance by email cannot be acknowledged.

~~~~~~~~~~~~~~~
Beth Melton
Microsoft Office MVP

Coauthor of Word 2007 Inside Out:
http://www.microsoft.com/MSPress/books/9801.aspx#AboutTheBook

Word FAQ: http://mvps.org/word
TechTrax eZine: http://mousetrax.com/techtrax/
MVP FAQ site: http://mvps.org/

 

[Guest]

I will inquire as to the AV scanner, although these are top level executives
and I don't want to bother them unduly. They claim my clients attachments are
the only ones causing a problem. Perpahs my client is the only one generating
documents from a forms field template.

Clearly there is something different when a document is created from a
template with form fields... for instance when I look at the doc in a text
editor I see references to external web sites like the Microsoft SmartTags
schema URL. There is a whole bunch of stuff in this doc that doesn't appear
in an ordinary Word doc.

 

[Guest]

Point well taken.. software is still quite ignorant. But opening a document
from the temporary cache vs local folder is probably a good decision point
for scanners... and I think that's what's happening here. Most executives
don't have the patience to save a doc first, then open it. They see the
attachment and want to view the content with one click. I use GMail which has
a doc viewer built in.. so I can preview a doc before I decide to download
and open it.

M.

 

[Beth Melton]

Nope. There really is no difference between the two. Granted there are some
differences, such as templates can also store AutoText and such, but what
you see in the template can also appear in any document depending on the
content.

You can remove the Smart Tags (it's possible a virus scanner might find them
threatening). Go to Tools/AutoCorrect Options/Smart Tags. Click the Remove
Smart Tags button and if you do not want to add other smart tags in your
documents/templates then turn off "Label text with Smart Tags".

What other items do you see? If you want to email the file to me I can take
a look at it for you. To obtain a valid email address, remove NoSpam4Me
from: (e-mail address removed)

Please post all follow-up questions to the newsgroup. Requests for
assistance by email cannot be acknowledged.

~~~~~~~~~~~~~~~
Beth Melton
Microsoft Office MVP

Coauthor of Word 2007 Inside Out:
http://www.microsoft.com/MSPress/books/9801.aspx#AboutTheBook

Word FAQ: http://mvps.org/word
TechTrax eZine: http://mousetrax.com/techtrax/
MVP FAQ site: http://mvps.org/