Christian Herdtweck

Results 28 comments of Christian Herdtweck

You are right. The `ms-msdt` links are always in content downloaded through external relationships. And yes, there is a function `find_external_relationships` in oleobj. I would not have expected it there,...

The filename and path probably make some sense if decoded with the proper encoding. However, I do not see how to find out that encoding, so I created the function...

That rtf looks like a minimal wrapper around the data it embeds, so I am afraid that does not help me much. Thanks anyway. On a side note: even the...

First of all: I am so sorry to be partially responsible for these problems. I created most of these "malicious" files and added them, not knowing that they would be...

Just stumbled over quite a few unittests that are still disabled and useless because of this issue. Any plans on this?

If this sample is publicly available, could we add it to our unit test samples and check that the customUI-threat is also detected in the future?

Working on it, have fixes for tests in a related branch https://github.com/christian-intra2net/oletools/tree/unittest-automation (Actually, that only addresses some of the issues you mention. I did not see e.g. the first, how...

Ah, pytest, ok. I only run the tests as "python -m unittest discover" or similar commands. I do not understand where those Windows line endings come from. In my checkout of...

```
> file tests/olevba/test_basic.py
tests/olevba/test_basic.py: Python script, ASCII text executable
```

Guess you are right. I recommend cloning the repo and working with that.

Let me know if your build fails again, happy to assist in distributing oletools :) (...but I am only available until 17:00, then on holidays for a week :) )