I just received email telling me that BMW has selected me for a big prize and a brand new car, which is all very flattering and all considering that I drive a battered old 1996 Honda. But the cynic in me couldn't help wondering why the notification was in the form of an RTF document attached to the email when the information could just as easily have been inlined into the email body. Running "strings" on the document didn't show anything obviously suspicious (other than the request for all kinds of personal information, of course :-), and it scanned clean at Virustotal. OTOH we know that it's possible to have malicious content embedded in RTFs (e.g., see http://blogs.pcmag.com/securitywatch/2007/05/a_longignored_vulnerability_rt.php).
Short of actually opening the document (and so executing anything malicious it might harbor), is there any way to tell whether there's any executable content hidden in the file?