Re: Corrupt office, pdf, and other general use files

["John Morrison" <John.Morrison () galacoral com>]

You used to be able to get tools that would, en masse, convert files
from one format to another. Very useful when migrating from Lotus 1-2-3
to Excel. You could try one of those and then check its log file for
errors. There must be non-interactive converters to OpenOffice, docx,
pdf, etc. 

   
-----Original Message----- 
From: p1g <killfactory () gmail com> 
To:  <Robert.Yung () l-3com com> 
Cc:  <security-basics () securityfocus com> 
 
Sent: 16/04/2008 02:45:29 
Subject: Re: Corrupt office, pdf, and other general use files 
 
If you know when the software was installed, you could compare MAC 
times to the files you are trying to open. MAC = modified , accessed , 
created 
 
See if the files we actually modified since the 'malware' was installed.

 
Try opening the files on another computer. 
 
Just an idea :) 
 
On Mon, Mar 24, 2008 at 11:12 AM,  <Robert.Yung () l-3com com> wrote: 
> List, hope you can help. 
>
>  It has become apparent that a user may have installed malware which
has 
>  randomly gone through an entire drive and corrupted pdf, doc, xls,
and 
>  other general use office files.  When an attempt is made to open a 
>  corrupted file, Word (for example) will error out and say that the
file 
>  is not readable. 
>
>  Question is, does anyone know of a tool that will traverse an entire 
>  directory structure and check files of commonly known formats and
report 
>  back to say whether or not they are corrupt?  I need a way to
identify 
>  how widespread the problem is and see if there is a pattern to which 
>  files are corrupted.  The tool does not need to fix the file, I just 
>  require a report. 
>
>  Thanks in advance! 
 
 
 
--  
-p1g 
SnortCP, C|HFI, TNCP, TECP, NACP, A+ 
 ,,__ 
o" )~ oink oink 
 ' ' ' ' 
 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 


This email has been sent from Gala Coral Group Limited ("GCG") or a
subsidiary or associated company. GCG is registered in England with
company number 4639005.   You can contact us at GCG's registered office
address: Glebe House, Vicarage Drive, Barking, Essex, IG11 7NS, United
Kingdom (marked for the attention of the Company Secretariat).  You can
also contact us by the following means: telephone: +44 (0) 20 8507 5767;
fax: +44 (0) 20 8507 5788; email: hq () galacoral com; website:
www.galacoral.com.  

This e-mail message (and any attachments) is confidential and may
contain privileged and/or proprietorial information protected by legal
rules.  It is for use by the intended addressee only. If you believe you
are not the intended recipient or that the sender is not authorised to
send you the email, please return it to the sender (and please copy it
to hq () galacoral com) and then delete it from your computer.  You should
not otherwise copy or disclose its contents to anyone.  Except where
this email is sent in the usual course of business, the views expressed
are those of the sender and not necessarily ours.  We reserve the right
to monitor all emails sent to and from our businesses, to protect the
businesses and to ensure compliance with internal policies.  Emails are
not secure and cannot be guaranteed to be error-free, as they can be
intercepted, amended, lost or destroyed, and may contain viruses; anyone
who communicates with us by email is taken to accept these risks.  GCG
accepts no liability for any loss or damage which may be caused by
software viruses.