Hi Zenos,

I do not want to open these documents. Not all traders put invoices in the body of the email. Don't ask me why, it is just the way some traders do this. I don't see anything crazy about traders using word for invoices! Perhaps it is easier for their electronic filing? So I want Thunderbird to recognise them as spam when they have macros in them. At present if I get one of these invoices that looks like it is genuine, the only way I can find out for certain is to open it.

Word uses a proprietary and licenced MS format. To read the document you need a special program. Either the paid-for Office Suite, or part thereof, or a downloadable Viewer program. All this assumes you're able and willing to run Microsoft programs.

I don't use Microsoft. I prefer Linux. As it happens, the free Libre Office suite that comes as standard in many distros is able, to a limited extent, to view Office documents, and it wouldn't run macros so is in some respects actually superior to and and preferable to the real thing. But the assumption that you as a customer would have the means to view a proprietary document format seem to me to be rather short sighted.

OTOH pretty much all current platforms have already built in the ability to read PDF files. But if I sent you a odt document (Libre Office's native format), I wouldn't expect you to be able to view it without you jumping through hoops. It's just very poor practice to share around documents specific to any particular word processor. On the 'net we need to work to the lowest common denominator, for instance, txt, html, mp3, jpg, and formats intentionally designed to be cross-platform such as pdf.

As already discussed in this thread, and see the document http://www.decalage.info/vba_tools The macro part of the word document is in a subsection of the file called Macros for a word document and _VBA_PROJECT_CUR for an xls file. Not rocket science to find I would have thought.

I also use Linux and Libreoffice.

The basis of this thread is that I am asking for word attachments to optionally be treated as junk if they contain macros. I am not sent Libreoffice files as spam so I don't see how any discussion about Libreoffice is relevant.

wrectangle said

As already discussed in this thread, and see the document http://www.decalage.info/vba_tools The macro part of the word document is in a subsection of the file called Macros for a word document and _VBA_PROJECT_CUR for an xls file. Not rocket science to find I would have thought. I also use Linux and Libreoffice. The basis of this thread is that I am asking for word attachments to optionally be treated as junk if they contain macros. I am not sent Libreoffice files as spam so I don't see how any discussion about Libreoffice is relevant.

It is simple really... If you have the money I am sure there is a developer out there who will do the work for you to create an add-on that does exactly what you want with whatever attachments you want to examine. If you are not prepared to pay the development costs. It is not going to happen.

I'm trying to make the point that the ability to view a Word document is not an intrinsic capability of any computer, without additional software.

It is an unreasonable and unnecessary requirement upon a client (e.g. you) to have the ability to read a Word document simply in order to see an invoice. Sending out such documents in Word format is simply stupid.

Unless I'm expecting a Word document that I am collaborating with others to develop, any such unsolicited attachment goes straight into the bit bucket.

To Zenos And I'm trying to make the point that I am being sent spam (documents with macros), the spam checker is not picking it up and there is a simple check that could be made to class it as spam. Why are you expected me to do my own spam filtering when Tunderbird has a spam filter in it?

So, one particular brand of word processor is being used and inclusion of macros offends you.

If Thunderbird were to start parsing Word documents, both doc and docx, presumably, should it not also look at Excel spreadsheet files? Maybe all Office files? Then why not LO and OO files? Abiword, WordPerfect too? And all the other word processors I don't know about? And if any of these have ever changed the way they encode macros, should it try to track all the possible variants and obsolete models? Where do you stop?

Like many such requests, you have picked on the one obvious case that's bothering you today, without consideration of all the possible use cases and the more general problem of how to deal with all of them, or to decide which specific cases to limit yourself to and how to advise users that your limited solution is not a panacea for all ills?

You have been given useful guidance on what such a filter could look for, and given your specific concern about macros in Word documents, I think you have enough to build your own filter.

I wouldn't use the tool if provided because in my own experience, there is no corellation between macros, and spam or malware.

Word won't let me run macros without a definite confirmation from me. Your anti malware/AV solution may also have its own sentinel for macros. If you're opening Word documents in LO and Linux then why are you worried about Word macros?

I really don't think analysis of attachments is a job for an email client. But nevertheless, Thunderbird is designed to allow you to build your own filter. So if this matters to you, you can search the body of the email for the trigger text that marks a vba macro. If that proves to be beyond the capability of Thunderbird's filters, you can enhance them with an add-on such as FiltaQuilla and code your own solution using javascript if necessary.

Your suggestion that I need to consider Abiword etc is fatuous. Spammers would only use word and excel as these are the most used. You claim that I have been given lots of useful information on this thread. Apart from the excellent jscher2000 and one crumb of information from Matt, I have got almost nothing except negatives and what I have found out for myyself. You suggest that I set up a filter. Fine. How do I set one up to read attachments? As far as I can see Filtaquilla does not do that. You state that I should search the body of the "email for the trigger text that marks a vba macro". As far as I can see, the email has no idea whether there is a macro in the attachment or not. You have to read the attachment to find that out. And that is the nub of my problem. I think this thread has run its course. I'm just going to have to accept that the Thunderbird spam filter is not worth the name and that I'm not going to get a solution from this forum.

I wish to close this thread down. I asked the question "Why does thunderbird not have an option to put messages with macros in attachments directly into "junk"?" and the overwhelming view of this forum is that it is not appropriate for Thunderbird to read the attachments. Perhaps zenos is right about the number of things to be considered. For the very first time I got a spam message today from India claiming to be from USA with a "js" attachment. Needless to say that it was not picked up as spam. If I might summaries the view that it is not appropriate for Thunderbird to access attachments, for me this is aesthetics winning over functionality. I spent 30 years in the software industry and that is a first for me. I am from the age where functionality was the reason for software. I am genuinely shocked to find that this is no longer the case. It is a total waste of time for me and more importantly you people to further this thread. I would like thank everyone most sincerely for taking the time and trouble to respond, despite the fact that I disagree with you, it is genuinely appreciated that you have spent time on this.

It is a waste of everyones time to continue with this.

Js is a JavaScript attachment... I doubt it will be spam. But it is very likely malware. Malware detection is beyond the scope of a humble email client.

Contact your anti virus provider.

Hi wrectangle, it might help to understand that only very limited development resources are available for Thunderbird, and Mozilla depends heavily on the add-on developer community to fill gaps in functionality.

Also, it's totally unacceptable to receive mail with .js attachments in this millennium. You need to look into an email security service or program to effectively remove executable attachments. Today.