e-mail virusscan stops excel workbooks with password

  • Thread starter Thread starter Anders Dahlqvist
  • Start date Start date
A

Anders Dahlqvist

We are a small organization working between sales
departments of large companies.
We distribute market figures in the form of excel worbooks
and add password to them to protect the figures. This has
worked fine for many years. Now som receivers of the
figures report that there companies e-mail systems reject
these mails due to the passwords. The virusscan can´t open
the files and perform a scan they say.

Is this a known and correct description of the problem and
is there an easy implemented solution? We wish to keep the
password if possible.
 
What virusscan are they using? If it needs to unprotect anything
it's pretty pathetic.

At least through XL02, you don't need to open a file to scan for
macro virii - a password doesn't encrypt the file after all - any
VBA code is still open to be read, and is unaffected by protecting
the file, worksheets or VBA project - and it's still mostly readable
as plain text (though tokenized). Any scanner should be able to scan
for the viral signatures.

XL03 is supposed to be digital rights management aware, so it
certainly *can* encrypt the file when DRM is set in conjunction with
Windows Server 2003, but if you don't apply DRM, the file *should*
be as scannable as with previous versions.

Disclaimer: I'm not a file format expert - the above is just based
on my experience looking at files with a hex editor.
 
What virusscan are they using? If it needs to unprotect anything
it's pretty pathetic.
Click to expand...

More than likely the virus detection program is rejecting anything
that might contain visual basic. He'd probably find it would
reject any Excel file.

Jordon
 
Maybe zipping the file would help (or maybe not).

http://www.winzip.com is my zip program of choice.

We recently converted to Outlook2k at work. I'm kind of amazed that by default,
Outlook stops so many files from coming in (.bat, .scr, .reg, .vbs, .exe, etc).
(We have whatever point release that allows you to do a registry tweak to allow
a bunch of extensions, but I'm still amazed.)
 
It´s a MailMarshal program. They have configured it to
stop any password protected file I have heard.
 
What I've done with some clients that have policies like this is to
post my files on my ftp server. I then email them the ftp link so
that they can download it directly, bypassing any email filters.
 
Back
Top