3

I got an email in my spam filter with an attached Microsoft Word document. How can I view that file securely on Ubuntu? The 'from' email header shows that it is from a copy machine, but it could very well be spoofed. I cannot see the full header in the spam filter email/web service, so the file may be genuine or a trojan.

I have downloaded the file and used `file` and `strings`, which I suppose are usually ok (Update: not even `strings` may be ok. There have been vulnerabilities associated with the program, see http://www.ubuntu.com/usn/usn-2496-1/). I suppose that LibreOffice would also generally be ok to use for opening the file, as any trojan would likely be targeting vulnerabilities in Microsoft Windows rather than Ubuntu LibreOffice?

What other possibilities are there? Would I need to spin up a virtual machine?


Before I posted this question I came up with another idea: sha256sum and Google. This leads to a positive identification as malware: https://www.virustotal.com/en/file/003837a453ab7dd0dda51804f4208b10009dc33a9a909e9689b82a1b993deea1/analysis/1454322062/

I am, however, still interested in safe ways to handle such documents.

Finn Årup Nielsen
  • 803
  • 1
  • 9
  • 25
  • I 'released' the file from the spam filter and it would eventually arrive in my inbox (I just had to wait). Examining the 'Received' field of the email header indicated that the email was not from the copy machine. I was initially considering that it could be someone scanning with the copy machine and sending the scan to the wrong email address (mine), before I checksummed the file. – Finn Årup Nielsen Feb 01 '16 at 19:36
  • 1
    ["PSA: don't run 'strings' on untrusted files"](http://lcamtuf.blogspot.com.br/2014/10/psa-dont-run-strings-on-untrusted-files.html) – BoppreH Feb 01 '16 at 20:33
  • @BoppreH I suppose that `strings` is not even safe. There have been issues with the program and other items in binutils, I see: http://www.ubuntu.com/usn/usn-2496-1/ – Finn Årup Nielsen Feb 02 '16 at 10:40
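The question's own triage step (hash the attachment, look the hash up, and avoid handing the bytes to a parser that might itself be vulnerable) can be done with nothing but a file read and `hashlib`. The following is an added example, not code from the question or any answer: it hashes the file in chunks and classifies the container from its leading magic bytes alone, so a ".doc" that is really a PE executable or a ZIP is spotted before anything tries to open it. The signature list and the sample file are constructed here; `triage_bytes` is a helper that exists only for the demo.

```python
import hashlib
import os
import tempfile

# Public magic-byte signatures for the containers a "Word document" usually turns out to be.
# This list is an assumption of the example, not exhaustive.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy .doc/.xls; may carry VBA)"),
    (b"PK\x03\x04", "ZIP container (OOXML .docx/.docm, or an arbitrary archive)"),
    (b"{\\rt", "RTF text"),
    (b"%PDF", "PDF"),
    (b"MZ", "Windows PE executable"),
]


def sha256_of_file(path, chunk_size=1 << 16):
    """Hash the file in chunks; only raw bytes are read, nothing is parsed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def identify_container(path):
    """Describe the container format from the first 8 bytes only."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, description in SIGNATURES:
        if head.startswith(magic):
            return description
    return "unrecognised (not a known document container)"


def triage(path):
    """Collect the facts worth having before deciding whether to open the file at all."""
    return {
        "path": path,
        "size": os.path.getsize(path),
        "sha256": sha256_of_file(path),
        "container": identify_container(path),
    }


def triage_bytes(data, name="scan_0001.doc"):
    """Demo helper: write constructed bytes to a scratch file and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(data)
        return triage(path)


if __name__ == "__main__":
    # Constructed sample: named like a copier scan, but the header says PE executable.
    for key, value in triage_bytes(b"MZ" + b"\x00" * 62).items():
        print(f"{key}: {value}")
```

The `sha256` value is what you would search for or submit to a lookup service; the `container` line tells you which program family the attachment is actually aimed at, which is the question the sender's "copy machine" header cannot answer.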

7 Answers

1

The only safe way to handle a document you suspect to be infected with malware is to delete it.

1

If you think it's suspect, then it probably is.

Other than that, I use an isolated virtual machine for such things. Virtualbox works well.

No Way
  • 11
  • 2
0

LibreOffice should be fine to open it with. Most malware in MS Office docs is designed to exploit the macro and Visual Basic integration in Office.

The safest way to handle such documents though, is to just not open them. If you did not expressly use some copy machine which e-mails you documents in MS Office formats, then it's almost certainly going to be spam/malware.

dobey
  • 40,344
  • 5
  • 56
  • 98
0

By default LibreOffice is pretty much locked down.
If you look at Tools > Options > LibreOffice > Security you will find that only macros from trusted sources are allowed to run and untrusted ones are disabled (default setting). You can also manage Trusted Certificates. Links cannot be clicked with the mouse cursor alone; if you want to open a link you have to press Ctrl too.

Alex Jones
  • 7,830
  • 9
  • 54
  • 93
  • Ok, but what about vulnerabilities in LibreOffice of a kind like CVE-2012-2334? I suppose that we do not see much malware targeting LibreOffice, so that in most cases one would be safe. – Finn Årup Nielsen Feb 01 '16 at 19:27
0

Save the attachment to your Google Drive (1 scan then).

Open it in Google Docs (another scan). Google has one of the BEST malware/virus engines.

To be really totally safe, open the file on a Chromebook (another scan).

IMHO... I avoid MS products all I can, LibreOffice is OK, but Google Docks "rocks" ... pun intended!

And you don't have the hassle of building/tweaking a VM.

Joel Huebner
  • 109
  • 2
0

If the format is .docx, you could use an unzipping program to extract only the XML files, then view the XML files with a text editor or browser.

See also https://stackoverflow.com/questions/14834270/security-of-unzipping-user-submitted-files.

Jim K
  • 1,403
  • 10
  • 14
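Unzipping only the XML parts, as this answer suggests, still means trusting the archive's own directory, and the linked Stack Overflow question is about exactly that: member names that escape the target directory and entries that inflate far beyond their stored size. The following is an added example, not code from the answer: it lists the archive, flags a VBA project (`word/vbaProject.bin`, the usual sign of a macro-enabled document) and any traversal or bomb-like member without inflating anything, and then extracts only `.xml`/`.rels` members with safe names while enforcing a size cap on the stream. The size and ratio limits are assumptions of the example, and `build_sample` constructs a toy archive for the demo.

```python
import os
import posixpath
import tempfile
import zipfile

MAX_MEMBER_BYTES = 20 * 1024 * 1024   # assumed cap on a single inflated member
MAX_RATIO = 100                       # assumed zip-bomb threshold (inflated/compressed)
MIN_RATIO_CHECK_BYTES = 1 << 20       # only apply the ratio test to members above 1 MiB


def is_safe_member_name(name):
    """Reject names that would land outside the target directory."""
    if not name or name.startswith(("/", "\\")) or ":" in name.split("/")[0]:
        return False
    normalized = posixpath.normpath(name.replace("\\", "/"))
    return ".." not in normalized.split("/") and not normalized.startswith("/")


def inspect_docx(path):
    """Read only the central directory: names, sizes, macro indicator. Nothing is inflated."""
    report = {"members": [], "has_macros": False, "suspicious": []}
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            name = info.filename
            report["members"].append(name)
            if name.lower().endswith("vbaproject.bin"):
                report["has_macros"] = True
            if not is_safe_member_name(name):
                report["suspicious"].append((name, "path traversal"))
            ratio = info.file_size / info.compress_size if info.compress_size else 0
            if info.file_size > MAX_MEMBER_BYTES or (
                info.file_size > MIN_RATIO_CHECK_BYTES and ratio > MAX_RATIO
            ):
                report["suspicious"].append((name, "oversized or high compression ratio"))
    return report


def extract_xml_only(path, dest):
    """Inflate only .xml/.rels members with safe names into dest, capping bytes as they stream."""
    extracted = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith((".xml", ".rels")):
                continue
            if not is_safe_member_name(name) or info.file_size > MAX_MEMBER_BYTES:
                continue
            target = os.path.join(dest, *name.split("/"))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            written = 0
            with zf.open(info) as src, open(target, "wb") as dst:
                while True:
                    chunk = src.read(1 << 16)
                    if not chunk:
                        break
                    written += len(chunk)
                    if written > MAX_MEMBER_BYTES:   # header lied about the size: stop
                        raise ValueError(f"{name} exceeds size cap while inflating")
                    dst.write(chunk)
            extracted.append(name)
    return extracted


def build_sample(path, with_macro=False, with_traversal=False):
    """Construct a minimal OOXML-shaped archive for the demo (not a real document)."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        zf.writestr("word/document.xml", "<w:document><w:body><w:p><w:t>Scan from copier</w:t></w:p></w:body></w:document>")
        zf.writestr("word/_rels/document.xml.rels", "<Relationships/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)  # constructed stub
        if with_traversal:
            zf.writestr("../../evil.xml", "<x/>")  # constructed zip-slip entry
    return path


def demo():
    """Run both steps on a constructed archive that carries a macro stub and a traversal entry."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample(os.path.join(tmp, "sample.docm"), with_macro=True, with_traversal=True)
        report = inspect_docx(sample)
        out = os.path.join(tmp, "xml")
        os.makedirs(out)
        return report, extract_xml_only(sample, out)


if __name__ == "__main__":
    report, extracted = demo()
    print("macros:", report["has_macros"])
    print("suspicious:", report["suspicious"])
    print("extracted:", extracted)
```

The point of doing the listing first is that the decision to delete can be made from the directory alone: a VBA project or a traversal entry in a "copier scan" settles it without any byte of the document being interpreted.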
0

Open it with gedit as a text document; you're going to need to scroll through a LOT of HTML formatting, but you can read it. But as stated earlier, if you're unsure, delete it unopened.