Protecting from "office document"-based malware

Netherprovinc3
Level 4
Posts: 347
Joined: Mon Feb 04, 2019 9:29 pm

Protecting from "office document"-based malware

Post by Netherprovinc3 »

I would like to establish a procedure to protect better from malware in office documents.
The most common scenario for me is to open a Microsoft office document (which I have received through email) using Libre Office. Typically this would be a spreadsheet or a word processing file.

The files that I am dealing with typically don't have bells and whistles.

1) One idea that I have is to download the file, put it in a shared folder that's shared with an offline virtual machine, boot the VM, move it into documents in the VM, remove access in the vm to the shared folder, then open the file, and copy and paste the contents into a new file (shared clipboard).

2) Another option is to see if I can turn off macros in the latest version of LibreOffice
https://www.theregister.com/2019/07/30/ ... erability/

3) Here is some software that can turn some files into PDFs in a reasonably safe manner
https://github.com/firstlookmedia/dange ... =micahflee
But, I am unsure of how much trust to put in the software. I'd imagine that it's a great tool, though.

I'd kind of like to avoid option 2 because it's not in the software repository but that might just be the obsessive compulsive disorder in me.

Comments/ other suggestions?
Last edited by Netherprovinc3 on Sun Jun 28, 2020 9:00 pm, edited 1 time in total.
Linux Mint 19.1 Cinnamon unless otherwise noted.

Pierre
Level 20
Posts: 10599
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Protecting from "office document based" malware

Post by Pierre »

1/ You should be able to simply download the *.DOCX file and then open it in LibreOffice itself.
- You shouldn't need to open it with a virtual machine.

2/ You can turn off any macros - even though most malware is typically a Windows-oriented thing.

3/ You can print directly to a PDF - from any open document file.
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

Netherprovinc3
Level 4
Posts: 347
Joined: Mon Feb 04, 2019 9:29 pm

Re: Protecting from "office document based" malware

Post by Netherprovinc3 »

Pierre wrote:
Thu Jun 25, 2020 10:52 pm
1/ You should be able to simply download the *.DOCX file and then open it in LibreOffice itself.
- You shouldn't need to open it with a virtual machine.

I think that an offline VM can offer some protection, if I copy and paste out of the document into a new document on the host machine. My hunch here is that the script (or whatever more "powerful" data is in the file) would not make its way out with copy and paste.

Pierre wrote:
Thu Jun 25, 2020 10:52 pm
2/ You can turn off any macros - even though most malware is typically a Windows-oriented thing.

Per the article that I linked to, there is still some security flaw, except maybe in some of the very recent versions of LibreOffice.

Pierre wrote:
Thu Jun 25, 2020 10:52 pm
3/ You can print directly to a PDF - from any open document file.

Yes, but there is some risk when you open it. But yes, it gets rid of the risk for future recipients.

Probably my questions are not applicable to a lot of users. But, think of someone that receives a lot of attachments, from not very savvy computer users.

Pierre
Level 20
Posts: 10599
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Protecting from "office document based" malware

Post by Pierre »

That may be true, in that some of your questions are not applicable to a lot of users,
however, in general, the Linux system is a quite secure system,
and thus you are concerned with a particular sub-area of the LibreOffice program,

so, for most folks, they will not be an issue.

RIH
Level 5
Posts: 642
Joined: Sat Aug 22, 2015 3:47 am

Re: Protecting from "office document based" malware

Post by RIH »

You could always open them in firejail, or another sandboxing system.
https://firejail.wordpress.com/download-2/
Host: bob-Aspire-TC-705 Kernel: 4.15.0-112-generic x86_64 bits: 64
compiler: gcc v: 7.4.0 Desktop: Cinnamon 4.4.8
Distro: Linux Mint 19.3 Tricia base: Ubuntu 18.04 bionic

Netherprovinc3
Level 4
Posts: 347
Joined: Mon Feb 04, 2019 9:29 pm

Re: Protecting from "office document based" malware

Post by Netherprovinc3 »

RIH wrote:
Fri Jun 26, 2020 10:50 pm
You could always open them in firejail, or another sandboxing system.
https://firejail.wordpress.com/download-2/

I am not having much luck with Firejail. I think that some of my problem is that I want to open a single file using a sandbox. Much of the help that I find online focuses on sandboxing programs that are not so trusted.

Kadaitcha Man
Level 9
Posts: 2560
Joined: Mon Aug 27, 2012 10:17 pm

Re: Protecting from "office document"-based malware

Post by Kadaitcha Man »

Netherprovinc3 wrote:
Thu Jun 25, 2020 10:38 pm
I would like to establish a procedure to protect better from malware in office documents.
The most common scenario for me is to open a Microsoft office document (which I have received through email) using Libre Office. Typically this would be a spreadsheet or a word processing file.

Your fears are completely and utterly unfounded, and efforts to open MS Office documents in a sandboxed LibreOffice are equally as pointless.

First, all macro-enabled MS Office documents have the letter m as the last letter of their extension, e.g. .docm, .dotm, .xlsm, .xltm, so those are immediately recognisable as potential sources of issues for MS OFFICE USERS ONLY.

Second, the macro language used by LibreOffice is not the same language as used by MS Office, consequently LibreOffice cannot execute MS Office macros.

A simple google search for libreoffice excel macros would have told you this in the very first link.
It's pronounced kad-eye-cha, not kada-itcha.
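
An added example, not part of any post in this thread: the extensions listed above identify macro-enabled files by name, and this Python check looks inside the OOXML (ZIP) container for an embedded VBA project part, so the result does not depend on the filename. The function names and the in-memory sample files are constructed for illustration; legacy binary .doc/.xls files are outside its scope.

```python
import io
import os
import zipfile

# Extensions named in the thread as macro-enabled.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm"}
# Markers OOXML uses in [Content_Types].xml for macro-enabled parts.
MACRO_MARKERS = (b"macroEnabled", b"vnd.ms-office.vbaProject")
MAX_TYPES_SIZE = 1 << 20  # skip a content-types part that declares over 1 MiB


def triage_ooxml(data: bytes, filename: str) -> dict:
    """Inspect an OOXML container without opening it in an office suite."""
    ext = os.path.splitext(filename)[1].lower()
    result = {"is_zip": False, "vba_parts": [], "macro_content_type": False,
              "extension_says_macro": ext in MACRO_EXTENSIONS, "mismatch": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy binary .doc/.xls files are not ZIPs: out of scope
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith("vbaproject.bin"):
                result["vba_parts"].append(info.filename)
            elif info.filename == "[Content_Types].xml" and info.file_size <= MAX_TYPES_SIZE:
                types = zf.read(info)
                result["macro_content_type"] = any(m in types for m in MACRO_MARKERS)
    has_macro = bool(result["vba_parts"]) or result["macro_content_type"]
    # A VBA project inside a file named .docx/.xlsx deserves a closer look.
    result["mismatch"] = has_macro and not result["extension_says_macro"]
    return result


def build_sample(with_vba: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like a .docx, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = b'<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_vba:
            types += (b'<Default Extension="bin" '
                      b'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
        zf.writestr("[Content_Types].xml", types + b"</Types>")
        zf.writestr("word/document.xml", b"<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, vba in (("a.docx", False), ("b.docx", True), ("c.docm", True)):
        print(name, triage_ooxml(build_sample(vba), name))
```
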
