Bob, totally logical and what I always do. It's a wonderful charity I work for, but sometimes middle management is only interested in their own skin. Fortunately, that's not the case with the vast majority of the staff and the small board of directors!
On Mon, Jun 1, 2020 at 11:47 AM Robert K Coffman Jr. -Info From Data Corp. < bcoff...@infofromdata.com> wrote: > >it's still me who gets in trouble for allowing them through in > >the first place.... > > I threw this to management. > > "I can allow these, or not allow them. This is the danger. You tell me > what you want." > > This is a management issue as far as I'm concerned. > > > - Bob > > > On 6/1/2020 10:52 AM, K Post wrote: > > FYI, I did more digging - 95% of these PDF's with javascript are "PDF > > portfolio" files created with Acrobat DC. That's when Acrobat is used > > to combine PDF's into a single one. The SHA256 differs. Always still a > > .pdf extension. I don't see a way to only allow those. Zero way to > > change sender behavior, so I think we just need to allow javascript in > > pdf. Makes me sad - and worried. > > > > On Mon, Jun 1, 2020 at 10:22 AM K Post <nntp.p...@gmail.com > > <mailto:nntp.p...@gmail.com>> wrote: > > > > Yep, Bob, I'm right on that threshold. The problem is that we've > > got volunteers and temps who need to get these messages. They're > > trained, but (being polite, let's just say) "haphazard" in their > > computer usage. I'm trying to protect them from themselves and us > > from them. > > > > We could use UserAttach to allow pdf's with javascript through to > > select users, but still, that doesn't protect when they randomly > > open on their cell phone with javascript automatically enabled. We > > could tell them "if you open, it's on you" but if something goes > > bad, it's still me who gets in trouble for allowing them through in > > the first place.... Thus, I'd rather strip a PDF of it's > > javascript - modifying the original and potentially breaking > > functionality, than risk bad javascript getting through. > > > > > > On Mon, Jun 1, 2020 at 7:20 AM Robert K Coffman Jr. -Info From Data > > Corp. <bcoff...@infofromdata.com <mailto:bcoff...@infofromdata.com>> > > wrote: > > > > This is a slippery slope. You are asking the mail filter to not > > just > > filter mail, but to actually modify the intended message from > > the sender. > > > > Banks and financial institutions are putting javascript in > > PDFs. I gave > > up on trying to filter it for the clients that deal with them. > > They > > were advised on the risks, they have a place to forward them for > > review > > if they think they might be questionable, and they know the onus > > is on them. > > > > - Bob > > > > On 5/31/2020 2:13 PM, K Post wrote: > > > That's wonderful news. I've never had cooked water before, I > > look > > > forward to trying it. > > > > > > Seriously though, if ASSP were able to call an external > > program when > > > javascript is found to strip out that javascript, it would be > > > incredible. What about using something like ghostscript to > > recreate the > > > pdf? Or maybe some sort of image tool to at least give users > > images of > > > the PDF so they could know whether it's necessary to ask for > > a resend? > > > > > > On Sun, May 31, 2020 at 4:54 AM Thomas Eckardt > > > <thomas.ecka...@thockar.com > > <mailto:thomas.ecka...@thockar.com> > > <mailto:thomas.ecka...@thockar.com > > <mailto:thomas.ecka...@thockar.com>>> wrote: > > > > > > >Is there any possibility of having ASSP modify PDF's > > with javascript > > > to strip the javascript and let the file through??? > > > > > > Yes, and assp is also able to cook water and to make fine > > weather. > > > > > > Thomas > > > > > > > > > > > > > > > > > > > > > Von: "K Post" <nntp.p...@gmail.com > > <mailto:nntp.p...@gmail.com> <mailto:nntp.p...@gmail.com > > <mailto:nntp.p...@gmail.com>>> > > > An: "ASSP development mailing list" > > <assp-test@lists.sourceforge.net > > <mailto:assp-test@lists.sourceforge.net> > > > <mailto:assp-test@lists.sourceforge.net > > <mailto:assp-test@lists.sourceforge.net>>> > > > Datum: 30.05.2020 18:04 > > > Betreff: [Assp-test] Possible to remove javascript from > PDF? > > > > > > ------------------------------------------------------------------------ > > > > > > > > > > > > We're blocking pdf's with javascript in them. The > > problem is that > > > more and more people are receiving legitimate pdf's with > > javascript. > > > > > > Yes, I can make exceptions by sender and SHA256, but > > that's a lot to > > > maintain. > > > > > > Is there any possibility of having ASSP modify PDF's with > > javascript > > > to strip the javascript and let the file through??? > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > <mailto:Assp-test@lists.sourceforge.net> > > <mailto:Assp-test@lists.sourceforge.net > > <mailto:Assp-test@lists.sourceforge.net>> > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > DISCLAIMER: > > > ******************************************************* > > > This email and any files transmitted with it may be > > confidential, > > > legally privileged and protected in law and are intended > > solely for > > > the use of the > > > individual to whom it is addressed. > > > This email was multiple times scanned for viruses. There > > should be > > > no known virus in this email! > > > ******************************************************* > > > > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > <mailto:Assp-test@lists.sourceforge.net> > > <mailto:Assp-test@lists.sourceforge.net > > <mailto:Assp-test@lists.sourceforge.net>> > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > <mailto:Assp-test@lists.sourceforge.net> > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > <mailto:Assp-test@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
