
I have received an email from a not entirely trustworthy source; it might be legit, but I'm not really sure. It contains, among other things, information in a .docx Microsoft Word file and a .xlsx Microsoft Excel file.

I have already scanned the files on http://virustotal.com and no viruses have been found, but I also read that macros can exist in the xml or zipped portion of the files themselves.

I am seeking ideas about pinpointing potential malicious intent, such as finding macros.

fightermagethief

4 Answers

17

Macros cannot be saved in .xlsx files. Excel will refuse, and tell you to save it as an .xlsm file. If you save as .xlsm and then rename as .xlsx Excel will not open the file.

Assuming someone got around this restriction, then Excel will disable any macros found in an .xlsx file.

3

I do site IT support for a manufacturing plant, and I can tell you that sending Word and Excel documents to employees of another company is not commonplace, especially for sharing tips. I get these sorts of emails all the time, and the tips are always contained within the email, included in a PDF, or a link to a page on their company website.

Within the organization, this is a different matter. Users within the organization often share Word and Excel files through email.

Sending zipped files, on the other hand, is commonplace both inside and outside of the organization. It's also 50%/50% on whether it's spam or not. The users I support forward me emails they received to determine whether they were spam or not, and zipped files often accompany the spam emails. On the other hand, they frequently contact me for help when they receive legitimate emails that contain zipped files or need to send one with a zip file. Often organizations have limits on the size of the emails they can send or receive, and the users opt for zipping the files when they exceed those limits. But again, when companies send emails to share tips, I have never seen this.

Side Note: This is just my experience, but anytime a company (any company, not just an IT company) has to contact you first, they aren't very good at what they do and you should avoid them. When a company is good at what they do, the customers will come to them.

Drew Chapin
3

First rule would be to NEVER open unsolicited email attachments. It is simply extremely bad security practice. If you send me something suspicious like that and I don't know you, I'll tend to automatically blacklist you.

As far as formats, I normally see most companies use Adobe PDF for whitepapers. I can't remember the last time I saw whitepapers in raw Office format. It used to be that, due to the macro issue, you only opened such files from trusted sources, and even then disabled macros first. Another reason you don't see that today is that the metadata in the files can lead to embarrassing disclosures. (Which PDF isn't immune to! Something to keep in mind.)

Blackbeagle
3

If this is not a trustworthy source, or if you are even a bit suspicious, the best action is to simply delete the email. Especially if this is information you have not requested, or is not part of previous information, or it isn't vital information for you.

If you can contact the sender to confirm the authenticity of the file, do so. If possible, ask them to re-send the information as a text file (even PDFs can have malware).

If you really need access to the information, and can't get it in a new format, here's what I'd do:

  • Check for malware on http://virustotal.com; it will check the files against 40 different antiviruses. You have already taken this step, that's great.
  • Either (1) Boot from a Linux live CD (i.e., Ubuntu), open the file in LibreOffice, remove the macros and export to a new file (possibly in a different, safer format)
  • or (2) open the file on Google Docs and export to a new file (possibly in a different, safer format)
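The macro check the question asks about can be done without opening the file in Office at all, since a .docx/.xlsx is a zip package. This is an added example, not code from any of the answers above: it looks for a vbaProject.bin part and for macro-enabled content types (the standard OOXML strings), and flags a package that carries macro parts under a macro-free extension. The sample packages are constructed in memory for the demonstration and are not valid Word documents.

```python
import io
import zipfile

# Content-type markers that appear only in macro-enabled OOXML packages (standard strings).
MACRO_MARKERS = ("application/vnd.ms-office.vbaProject", "macroEnabled")

def inspect_ooxml(data: bytes, filename: str) -> dict:
    """Inspect an OOXML container (.docx/.xlsx/...) for VBA without opening it in Office."""
    report = {"is_zip": False, "vba_parts": [], "macro_content_type": False,
              "extension_mismatch": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report  # not OOXML: could be a legacy OLE .doc/.xls or a mislabeled file
    report["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # VBA lives in an OLE blob named vbaProject.bin inside the package.
        report["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        try:
            ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            ctypes = ""
        report["macro_content_type"] = any(m in ctypes for m in MACRO_MARKERS)
    ext = filename.rsplit(".", 1)[-1].lower()
    macro_evidence = bool(report["vba_parts"]) or report["macro_content_type"]
    # .docx/.xlsx/.pptx are macro-free by design, so macro parts inside them are a red flag.
    report["extension_mismatch"] = macro_evidence and ext in ("docx", "xlsx", "pptx")
    return report

def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal package for testing; not a valid Word document."""
    if with_vba:
        main = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    ctypes = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              f'<Override PartName="/word/document.xml" ContentType="{main}"/>')
    if with_vba:
        ctypes += ('<Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/>')
    ctypes += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ctypes)
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:  # constructed stand-in for an OLE blob (starts with the OLE magic bytes)
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for blob in (build_sample(False), build_sample(True)):
        print(inspect_ooxml(blob, "tips.docx"))
```

A real file is inspected the same way: read its bytes from disk and pass them with the filename; nothing in the package is executed.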