View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000129 | file | General | public | 2020-01-10 16:26 | 2020-01-17 17:40 |
| Reporter | Fabian | Assigned To | christos | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Fixed in Version | 5.39 | ||||
| Summary | 0000129: Classification of SYLK Files | ||||
| Description | SYLK is an old Microsoft file format for spread sheets [1]. It recently got some attention as it can be used to weaponise documents as it can run macros [2]. It would be great to be able to classify SYLK documents with libmagic. This could be used to filter SYLK documents by true content. Information about the file format can be found on [3]. Summary: * SYLK files contain line-based operations which each start on a new line * Start with "ID". Possibly followed by ";P" but that is not mandatory. * Macros are enabled with the "O;E" operation. They are also enabled in combination with other options like "O;P;E". * Macros can be automatically executed with auto_open string. * The operations like "ID" "O;E" are case-sensitive. "auto_open" is case insensitive. Do you support adding SYLK classification to Libmagic? Just basing the classification on a file starting with "ID" may cause false positives. The classification could be made more precise by also checking whether support for macros is enabled. This would mean the classification is not for SYLK files, but SYLK files with macros. Two test files have been attached. [1] https://en.wikipedia.org/wiki/SYmbolic_LinK_(SYLK) [2] https://outflank.nl/blog/2019/10/30/abusing-the-sylk-file-format/ [3] https://outflank.nl/upload/sylksum.txt | ||||
| Tags | magic | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-01-10 16:26 | Fabian | New Issue | |
| 2020-01-10 16:26 | Fabian | File Added: sylk_test.slk | |
| 2020-01-10 16:26 | Fabian | File Added: sylk_test_obfuscated.slk | |
| 2020-01-10 16:26 | Fabian | Tag Attached: magic | |
| 2020-01-17 17:40 | christos | Assigned To | => christos |
| 2020-01-17 17:40 | christos | Status | new => assigned |
| 2020-01-17 17:40 | christos | Status | assigned => resolved |
| 2020-01-17 17:40 | christos | Resolution | open => fixed |
| 2020-01-17 17:40 | christos | Fixed in Version | => 5.39 |
| 2020-01-17 17:40 | christos | Note Added: 0003344 |
