FYI, I did more digging - 95% of these PDFs with javascript are "PDF
portfolio" files created with Acrobat DC.  That's when Acrobat is used to
combine PDFs into a single one.  The SHA256 differs.  Always still a .pdf
extension.  I don't see a way to only allow those.  Zero way to change
sender behavior, so I think we just need to allow javascript in pdf.  Makes
me sad - and worried.

On Mon, Jun 1, 2020 at 10:22 AM K Post <nntp.p...@gmail.com> wrote:

> Yep, Bob, I'm right on that threshold.  The problem is that we've got
> volunteers and temps who need to get these messages.  They're trained, but
> (being polite, let's just say) "haphazard" in their computer usage. I'm
> trying to protect them from themselves and us from them.
>
> We could use UserAttach to allow PDFs with javascript through to select
> users, but still, that doesn't protect when they randomly open on their
> cell phone with javascript automatically enabled.  We could tell them "if
> you open, it's on you" but if something goes bad, it's still me who gets in
> trouble for allowing them through in the first place....   Thus, I'd rather
> strip a PDF of its javascript - modifying the original and potentially
> breaking functionality, than risk bad javascript getting through.
>
>
> On Mon, Jun 1, 2020 at 7:20 AM Robert K Coffman Jr. -Info From Data Corp. <
> bcoff...@infofromdata.com> wrote:
>
>> This is a slippery slope.  You are asking the mail filter to not just
>> filter mail, but to actually modify the intended message from the sender.
>>
>> Banks and financial institutions are putting javascript in PDFs.  I gave
>> up on trying to filter it for the clients that deal with them.  They
>> were advised on the risks, they have a place to forward them for review
>> if they think they might be questionable, and they know the onus is on
>> them.
>>
>> - Bob
>>
>> On 5/31/2020 2:13 PM, K Post wrote:
>> > That's wonderful news.  I've never had cooked water before, I look
>> > forward to trying it.
>> >
>> > Seriously though, if ASSP were able to call an external program when
>> > javascript is found to strip out that javascript, it would be
>> > incredible.  What about using something like ghostscript to recreate the
>> > pdf?  Or maybe some sort of image tool to at least give users images of
>> > the PDF so they could know whether it's necessary to ask for a resend?
>> >
>> > On Sun, May 31, 2020 at 4:54 AM Thomas Eckardt
>> > <thomas.ecka...@thockar.com> wrote:
>> >
>> >     >Is there any possibility of having ASSP modify PDFs with javascript
>> >     >to strip the javascript and let the file through???
>> >
>> >     Yes, and assp is also able to cook water and to make fine weather.
>> >
>> >     Thomas
>> >
>> >     From: "K Post" <nntp.p...@gmail.com>
>> >     To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
>> >     Date: 30.05.2020 18:04
>> >     Subject: [Assp-test] Possible to remove javascript from PDF?
>> >
>> >     ------------------------------------------------------------------------
>> >
>> >     We're blocking PDFs with javascript in them.  The problem is that
>> >     more and more people are receiving legitimate PDFs with javascript.
>> >
>> >     Yes, I can make exceptions by sender and SHA256, but that's a lot to
>> >     maintain.
>> >
>> >     Is there any possibility of having ASSP modify PDFs with javascript
>> >     to strip the javascript and let the file through???
>> >     _______________________________________________
>> >     Assp-test mailing list
>> >     Assp-test@lists.sourceforge.net
>> >     https://lists.sourceforge.net/lists/listinfo/assp-test
>
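
As an added example (not part of the thread and not ASSP code): a Python triage function that reports whether a PDF carries JavaScript names, auto-run triggers, and the `/Collection` catalog key that the PDF specification uses for portfolios, decoding `#xx` name escapes and looking inside Flate-compressed streams. The sample byte strings are constructed, and all function and variable names are illustrative.

```python
import re
import zlib

# Name tokens relevant to the thread: script carriers, auto-run triggers, and
# the catalog key that marks a PDF portfolio (/Collection, ISO 32000-1 12.3.5).
SCRIPT = {"JS", "JavaScript"}
TRIGGER = {"OpenAction", "AA"}
PORTFOLIO_KEY = {"Collection"}
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def names_in(data: bytes) -> set:
    """Return every PDF name token in data, with escapes decoded."""
    return {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}


def triage(pdf: bytes) -> dict:
    """Classify a PDF by the names found in its body and its Flate streams."""
    found = names_in(pdf)
    for m in STREAM_RE.finditer(pdf):
        try:
            # Object streams hide dictionaries from a plain byte scan.
            found |= names_in(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate, or encrypted: left unscanned
    return {
        "javascript": bool(found & SCRIPT),
        "auto_run": bool(found & TRIGGER),
        "portfolio": bool(found & PORTFOLIO_KEY),
    }


# Constructed samples (minimal fragments, not real mail attachments).
_OBJSTM = zlib.compress(b"<< /Type /Catalog /Collection << /View /T >> "
                        b"/Names << /JavaScript 7 0 R >> >>")
PORTFOLIO = (b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
             b"stream\n" + _OBJSTM + b"\nendstream\nendobj\n%%EOF\n")
OBFUSCATED = (b"%PDF-1.4\n1 0 obj\n<< /OpenAction << /S /J#61vaScript "
              b"/J#53 (...) >> >>\nendobj\n")
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
```

Any file can carry `/Collection`, so the `portfolio` flag is useful for logging and review queues rather than as a reason to trust the attachment's JavaScript. Encrypted PDFs and filters other than Flate are not inspected.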
