-
# Conflicts: # tests/olevba/test_basic.py
-
Files provided by decalage2
-
File was created by myself, free to use
-
…porary workaround for #398), corresponding test files are now zipped with password 'infected-test' (for #215)
-
test-cases: add support for encrypted corpus
-
This is an interesting one since "our" old implementation of is_encrypted claims that the embedded file is still encrypted (which it is not), but the msoffcrypto-is_encrypted gets it right.
-
To avoid triggering antivirus engines, we can encrypt files with a default password and decrypt them before testing.
-
oleobj cannot detect yet that these are open office, but it can now treat them like regular zip files and find embedded objects in them. Samples are harmless, were created by me.
-
These 4 files contain dde-links to calc.exe and are encrypted with excel's standard password.
-
These are encrypted with the standard password hard-coded into excel to implement a form of write protection
-
oleobj: detect external links
-
Samples were created by me using Office 2010 on a Windows 7 machine, password is "encrypted", contents is trivial (no links, macros, ...) Encryption should be the CryptoAPI RC4 Encryption (see [MS-OFFCRYPTO])
-
oleid: detect OpenXML encryption
-
The pre-read test found a bug in oleobj for zipped-xml files. Will fix with next commit.
-
Will add excel test code and samples later, no need to have separate folders for different file types.
-
The test documents supplied here may contain DDE links but these only start calc.exe. No links to web pages there.
