In this blog, I've been discussing the fact that of the 55 scanners examined (which is pretty much all available products), they all fail to detect malware in emails.
Yet all of them come with all sorts of claims, recommendations and certifications. How can this be? And what can be done?
The claims are similar to "detect 99.9% of in-the-wild malware". The problem is, that's not tackling the actual problem. The actual problem is the malware emailed to me (and most other people) every day, and the scanners don't detect anything bad in those. I dare say that the testers have 100,000 files collected over the years that these products do flag as malware. But that's not the problem. I'm getting a hundred or more emails per week with malware attachments, and if I relied on scanners to keep me safe, I'd be getting hit dozens of times per week.
So what can be done?
In other posts, I've explained what can be done. But talk, as they say, is cheap. What counts is action.
So I've taken action. I have, running on a Raspberry Pi, this page.
To use it, you click on the "Browse" button, choose the file that you want cleaned, then click on "send the file".
The file uploads to my server, and then it converts the file to A) a pdf file, B) an rtf file and C) a text file. You can download any or all three of those, and read them. The pdf, rtf and text file formats do not support the existence of macros. So any macros that are in the doc file, whether malicious or benign, are not present in the pdf, rtf or txt files.
This doesn't tell you if there was anything malicious in the doc file. It just creates files that don't include macros.
You still have the original doc file, of course, and you'll probably want to delete it.
This service is free.
I'll be expanding it, if there's demand, to cover xls (Excel spreadsheet) files and possibly others. Another possibility would be to convert the file into a doc file but stripped of any macros.
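The macro-stripping idea from the paragraph above, as an added example that is not part of the original post or the service's own code. It assumes the newer zip-based Word format (.docm/.docx) rather than the legacy binary .doc, and the function names are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = ("application/vnd.openxmlformats-officedocument."
              "wordprocessingml.document.main+xml")


def is_vba_part(name):
    # vbaProject.bin holds the macro code; vbaData.xml and their .rels go with it
    return "vbaproject" in name.lower() or "vbadata" in name.lower()


def clean_xml(data, ns, attr, rewrite=None):
    """Drop child elements whose `attr` mentions VBA; optionally rewrite one value."""
    ET.register_namespace("", ns)  # keep the package's default namespace on output
    root = ET.fromstring(data)
    for child in list(root):
        value = child.get(attr, "")
        if "vba" in value.lower():
            root.remove(child)
        elif rewrite and value == rewrite[0]:
            child.set(attr, rewrite[1])
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def strip_macros(doc_bytes):
    """Return (clean_bytes, removed_part_names). Assumes an OOXML Word file."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if is_vba_part(info.filename):
                removed.append(info.filename)  # macro storage: not copied across
                continue
            data = src.read(info)
            if info.filename == "[Content_Types].xml":
                # declare the main part as an ordinary, non-macro document
                data = clean_xml(data, CT_NS, "ContentType", (MACRO_MAIN, PLAIN_MAIN))
            elif info.filename.endswith(".rels"):
                data = clean_xml(data, REL_NS, "Type")  # unlink the VBA project
            dst.writestr(info.filename, data)
    return out.getvalue(), removed
```

As with the conversion service, this says nothing about whether the removed macros were malicious; it only produces a copy without them.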
Even better would be to install something on your computer that did this automatically, but I'm not going to do that; I'll leave that to the 55 antivirus vendors that are capable of writing this software, but, as far as I can tell, have not.
Mostly, this is a demonstration of what can be done. Ask your antivirus vendor why they haven't.