Why do some Microsoft Office 2007 documents and spreadsheets trigger the Executable File rule?
Symantec Mail Security quarantines or otherwise acts upon one or more attachments.
When each attachment was edited, the Print settings were altered, causing Office to store a file called PrinterSettings1.bin file within the Office document. They are therefore detected with the Executable File rule, or custom compliance rules which detect files based on a .bin extension.
Beginning with the software release of Symantec Brightmail Gateway Version 7.7.0-17 this has been resolved, but only when performing an OS Restore to this version or a later version. If the upgrade is not an option at that moment in time, please use the work around described below.
To workaround this behavior, please do one of the following:
If a previous version was upgraded to 7.7.0-17 or later, and the issue still exists, please use the following steps:
Create another compliance rule to allow Office 2007 documents.
However, make sure that this rule is above the rule blocking executable files.
To create a rule to allow Office 2007 documents:
If version 8.0.2 or higher is already in use, it is recommended that the "extension is bin" condition be removed from the policy and instead to rely on the true file typing to protect against UNIX or Windows executable bin files. This is recommended due to the methodology used for processing policy rules changing after version 7.5, which now involves all rules being processed. This means that even if there is a rule for delivering Office documents normally, the rule for delete .bin attachments will still get activated.
The "Extension is bin" condition is part of the "Executable Files" list that comes with Symantec Mail Security by default.