%META:TOPICINFO{author="chris.lowth" date="1025366979" format="1.0" version="1.1"}%
%META:TOPICPARENT{name="Documents"}%
Part of protector (http://protector.sourceforge.net)
By Chris Lowth, (protector@lowth.com)
check_msole [-l] [-d] [-D] [-s directory] filename
check_msole is the module used by the protector suite to validate the
safety of Microsoft OLE compound documents such as those created by the
MS-Office suite. The program identifies the type of the file and its
embedded objects (if any) by looking at the internal document file
system structure and contents. It then verifies that the document and
all its objects are of safe types, and contain no macros or other
executable code.
The results of the program's deliberations are written to the standard
output in such a format that the protector's part_filter can collect and
use them.
The program is capable of identifying (with varying degrees of accuracy)
and verifying the safety of the following types of file:
- application/ms-clipart
- application/ms-drawing
- application/ms-equation
- application/ms-html-hidden-field
- application/ms-mail-attachment
- application/ms-mailstream
- application/ms-office-binder
- application/ms-ole-package
- application/ms-paintbrush
- application/ms-photo-ed-3
- application/ms-publisher
- application/ms-visio
- application/msword
- application/msword-art
- application/msword-picture
- application/vnd.ms-excel
- application/vnd.ms-powerpoint
- video/avi
The program outputs its information using a combination of lines in the
following formats:
| error= | The value "none" means that everything has worked well. Other values give details of the reason for failure. |
| type= | This value gives the mime type of the document, if it was possible to determine it. |
| safe= | The value "yes" means that the document is free of viruses and consists only of known safe components. "no" means that the document contains macros or other potentially unsafe components. "Unknown" means that the document contains components that could not be checked for safety (most probably because the author does not know how). |
The command-line options are:
| -l | List the directory structure of the internal document file system. |
| -d | Turn on debugging, and the display of various internal variables. |
| -D | Dump the internal file system components into the working directory. This option is really only useful for development and diagnostic purposes. |
| -s directory | Save the files from the OLE document internal file system to disk. |
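A caller that consumes the error=, type= and safe= lines described above should fail closed, accepting a document only when the report is complete and clean. The following is an added example, not code from protector or its part_filter; the sample outputs are constructed, and it assumes one key=value pair per line and that a key may appear more than once (for instance, once per embedded object).

```python
"""Added example: fail-closed consumer for check_msole's key=value output."""

# Constructed sample outputs; real check_msole output may differ in detail.
CLEAN = "error=none\ntype=application/msword\nsafe=yes\n"
MACRO = "error=none\ntype=application/vnd.ms-excel\nsafe=no\n"
UNKNOWN = "error=none\ntype=application/ms-ole-package\nsafe=Unknown\n"
TRUNCATED = "type=application/msword\n"          # no error= or safe= line
MIXED = "error=none\ntype=application/msword\nsafe=yes\nsafe=no\n"

KNOWN_KEYS = ("error", "type", "safe")


def parse_report(text):
    """Collect every value seen for each documented key (repeats assumed possible)."""
    report = {key: [] for key in KNOWN_KEYS}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in report:
            report[key].append(value.strip())
    return report


def verdict(text):
    """Return (accept, reason). Anything short of a clean report is rejected."""
    report = parse_report(text)
    if not report["error"]:
        return False, "no error= line (tool crashed or output truncated)"
    bad = [e for e in report["error"] if e != "none"]
    if bad:
        return False, "check failed: " + bad[0]
    if not report["safe"]:
        return False, "no safe= line"
    # Compare case-insensitively: the page writes "yes", "no" and "Unknown".
    not_yes = [s for s in report["safe"] if s.lower() != "yes"]
    if not_yes:
        return False, "safe=" + not_yes[0]
    return True, "type=" + (report["type"][0] if report["type"] else "undetermined")


if __name__ == "__main__":
    for name in ("CLEAN", "MACRO", "UNKNOWN", "TRUNCATED", "MIXED"):
        print(name, verdict(globals()[name]))
```

Treating a missing line the same as safe=no means a crash or truncated output in the checker cannot let a document through.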
In order to write this program, I have made extensive use of the published
source code of Sun's StarOffice and the excellent documentation
provided with "Elsa" and "Laola" by Martin Schwartz
(http://wwwwbs.cs.tu-berlin.de/~schwartz/pmh/index.html or
http://user.cs.tu-berlin.de/~schwartz/pmh/index.html). Thank you Sun and
Martin for some superb code and sources of information.