Compared to the following, encrypted PDFs are a very minor issue (in my
opinion).
Most websites these days use HTTPS ("for security"), and make extensive use of
Javascript (find a site that doesn't). This means that browsers are always
executing code that can't be scanned (at least by ClamAV).
This flies in the face of the advice that we used to get in the days of DOS and
early Windows -- don't download and execute code from random sources. Yet
modern websites tend to pull Javascript from all over (as can be seen if you
use NoScript). This is especially problematic with financial sites. (Do they
screen their Javascript partners?)
I still use HAVP (which uses the ClamAV library), but it doesn't do anything
really useful with HTTPS traffic. HTTPS traffic is like an endless stream of
encrypted PDFs -- PDFs can optionally execute code, but Javascript always does.
I presume that some kind of browser modification could be devised to scan
Javascript, but Firefox (for one) made that much more difficult when they
radically changed their internal architecture a few years ago (partly for
"security", they say).
On Tue, 14 Feb 2023 13:49:48 +0700
Olivier via clamav-users <clamav-users@lists.clamav.net> wrote:
> > Hi team ,
> > We are using clamAVClient for scanning pdf and xlsx files in our Java
> > program. We came across the query,
> > does clamAV scan password protected pdf file or not? If yes ,
> > how we can restrict it? Kindly suggest. Best regards, Nahin Bagwan
>
> How do you expect ClamAV to know the password to decode the encrypted
> files?
>
> No it does not because it cannot.
>
> If you are concerned that encrypted files could be a security,
> quarantine these emails.
>
> Best regards,
>
> Olivier
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
