OfficeMalScanner : Scan Office Documents for Macros Before Opening

Internet is full of all kinds of knowledge if you look in the right places using the right tools. But most of this knowledge is either in the text format or in some popular document formats like MS Word documents. When download such documents from the internet, you always take the risk of downloading malicious macros hidden inside such files. When you open these Microsoft Word, Excel or PowerPoint documents in your PC, these malicious macros can corrupt or infect the files in your PC. This is why you should always scan such documents before opening them.

You can use VirusTotal Uploader to upload any of suspicious files to VirusTotal servers and have them scanned using more than 40 different anti-virus engines. The results are displayed instantaneously. But you can also use some other tools to scan Office documents on your PC without having to access the internet. For example, you can use the OfficeMalScanner tool to find out whether a Office document contains a Macro script or not.

OfficeMalScanner is a command line interface utility and can quickly find out about the VB macros hidden inside the Office documents. Since such VB macros can only hide inside the Office 2007 type document format with extensions DOC, XLS, PPT, it supports only these file formats. The newer file formats DOCX, XLSX and PPTX cannot contain a VB macro inside them and so are not supported. However, it supports decompressing the newer file formats.


Using OfficeMalScanner is pretty easy. You have to give a command officemalscanner [file] info, where [file] is the full pathname of the Office document file being scanned. In the results, it will display if the file contains any macros. If you use the argument option scan instead then it will try to decrypt any encrypted macros and reveal them to you. Additionally, you can also decompress the new DOCX, XLSX, PPTX format files to a folder for inspecting them using the inflate argument.

OfficeMalScanner is only for advanced users as it does not differentiate between malicious and harmless macros. You have to go through the found macros to see what they intend to do. If you do no possess the necessary knowledge to understand the macros, then you should ask a friend or just refuse to open any documents containing macros.

You can download OfficeMalScanner from