Re: [Assp-user] PDF Scanning

Tue, 10 Mar 2020 09:47:25 -0700 

Ken -

How are you managing these?  How are you releasing them??

thanks -

Bob

On 3/10/2020 12:14 PM, K Post wrote:
This is incredible!  Can you give some detail on what the system is that does this analysis, scoring, etc.  Then once confirmed okay, how does the user get the attachment that's been cleared?  This would be a HUGE benefit to my user base.  There's tons of pdf's that I'm releasing on a daily basis. 
Thanks
On Tue, Mar 10, 2020 at 10:36 AM Thomas Eckardt <thomas.ecka...@thockar.com <mailto:thomas.ecka...@thockar.com>> wrote: 

    Sorry - you wanted to know how we deal with such attachments.

    For me, ASSP_AFC marks them for a sandbox system for analysing and
    let them all pass. The sandbox system extracts all attachments to
    their atomic parts, let some windows VM's open every single part or
    attachment and analyses every VM memory for malicious code and actions.
    The sandbox system has ~600 blocking rules and several thousand
    scoring rules. If an attachment is classified as bad, the mail is
    moved to a quarantine for manual investigation.

    Thomas





    Von: "Robert K Coffman Jr. -Info From Data Corp."
    <bcoff...@infofromdata.com <mailto:bcoff...@infofromdata.com>>
    An: assp-user@lists.sourceforge.net
    <mailto:assp-user@lists.sourceforge.net>
    Datum: 10.03.2020 12:23
    Betreff: Re: [Assp-user] PDF Scanning
    ------------------------------------------------------------------------



    They all have this in common:

      'prohibited JavaScript in PDF file' - SHA256:
    D6CB05FFD99283A4C5C6BEAF37D0274B985E1D47DD3B12F08B348F42CC1A60CA

    However the checksums vary unfortunately.

    Thanks!

    - Bob

    On 3/10/2020 2:29 AM, Thomas Eckardt wrote:
    > It would be nice to know, why these PDF's are blocked - the reason  is
    > shown in the maillog.txt.
> > Thomas > > > > > > Von: "Robert K Coffman Jr. -Info From Data Corp." > <bcoff...@infofromdata.com <mailto:bcoff...@infofromdata.com>> 
    > An: assp-user@lists.sourceforge.net 
<mailto:assp-user@lists.sourceforge.net>
    > Datum: 09.03.2020 17:53
    > Betreff: [Assp-user] PDF Scanning
    > ------------------------------------------------------------------------
> > > > We are getting a large number of false positives on PDFs received. > > What are other people doing with these? > > Thanks! > > - Bob > > > > _______________________________________________ 
    > Assp-user mailing list
    > Assp-user@lists.sourceforge.net <mailto:Assp-user@lists.sourceforge.net>
    > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > > DISCLAIMER: 
    > *******************************************************
    > This email and any files transmitted with it may be confidential,
    > legally privileged and protected in law and are intended solely for  the
    > use of the
    > individual to whom it is addressed.
    > This email was multiple times scanned for viruses. There should be  no
    > known virus in this email!
    > *******************************************************
> > > > _______________________________________________ 
    > Assp-user mailing list
    > Assp-user@lists.sourceforge.net <mailto:Assp-user@lists.sourceforge.net>
    > https://lists.sourceforge.net/lists/listinfo/assp-user
> 


    _______________________________________________
    Assp-user mailing list
    Assp-user@lists.sourceforge.net <mailto:Assp-user@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/assp-user






    DISCLAIMER:
    *******************************************************
    This email and any files transmitted with it may be confidential,
    legally privileged and protected in law and are intended solely for
    the use of the
    individual to whom it is addressed.
    This email was multiple times scanned for viruses. There should be
    no known virus in this email!
    *******************************************************

    _______________________________________________
    Assp-user mailing list
    Assp-user@lists.sourceforge.net <mailto:Assp-user@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/assp-user



_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user





_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user

Reply via email to