4

In case anyone isn't aware, the new Office 2007/2010 files are actually a type of archive file.

Since deploying some recent (ish) Microsoft updates to our client machines, we've been getting lots of reports of blocked and quarantined outbound emails containing the new Office file types, and upon investigation, it's because they contain [useless] .bin files within the Office file. For example:

Blocked emails

(And printer information of all things... I'm sure that's really useful to the guy in other company who won't use our printers. Thanks a bunch, Microsoft.)

In particular, the offending file is located under [file "root"]\xl\printerSettings, if that makes a difference.

This is causing a fair deal of business impact, so there's some pressure to get it resolved ASAP. The quickest (and dirtiest) solution I can come up with is to stop blocking .bin files by default, though I'm not really in love with this idea. We have enough issues with malware and viruses and such without allowing those through.

My first thought for a quick fix to this was to prevent Office 2010 from including .bin files in its archive, though I'm open to other suggestions (especially as this will only help us for outbound email). Has anyone who's encountered this issue found a way to do so, or found any fix besides opening up the mail filter or defaulting back to the old Office 2003 and prior filetypes?

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208

1 Answers1

4

I'm going to throw this down as an answer to my question, because it is, but I'm still interested in other solutions or more complete solutions.

The problem with this particular solution is essentially that it's not retroactive - so it's going to be very painful to correct the thousands of spreadsheets in existence which already have the printer settings saved to a .bin.

Anyway, the partial solution to this problem I've come up with so far is to add the below registry key and value:

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Options]
"QFE_Sitka"=dword:00000001

Which I managed to extrapolate from this Microsoft KB, obviously altering the version number to the actual version of Excel that we use (version 14.0 == Office 2010).

Update:

The "complete" solution, since we can't get everyone to stop sending us Office 2007/2010 files with these crap attachments embedded in them (and I'm having trouble applying this registry setting to every Windows machine in the world) is the above hack, with some ungodly scripting to remove the .bin from our existing Office 2010 files for outbound email, coupled with a custom rule on our mail filter to (sigh) disable attachment blocks of .bin files when they're contained within an Office 2007/2010 archive filetype, for inbound email.

Seems like there's a wonderful exploit opportunity in there for malware authors to embed their payloads into a binary file inside an Office 2007/2010 document, and use a simple script or macro to execute... but that's a whole other problem for another day, I guess.

And, for what it's worth, I'll mark this as the accepted answer, since it's been 3 weeks, and I don't anticipate anyone coming along with a better answer... but I would be pleasantly surprised if someone stumbles across this and proves me wrong.

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208