On Thu, 3 Mar 2016, Dianne Skoll wrote:
On Thu, 3 Mar 2016 13:03:44 -0800
Marc Perkel <supp...@junkemailfilter.com> wrote:
Thanks for the response. I'm in the spam filtering business and I'm
wondering what I can use (from the command line?) to detect if a PDF
has any kind of script attached that would be executable. that way I
might block based on what's embedded in a PDF.
There are tools. Google is your friend.
However, many legitimate PDF files contain Javascript snippets. Blocking
solely on that basis will lead to many FPs.
I'd argue the "legitimate" part of that statement... :)
Sounds to me like it should be: block any PDF with javascript/flash/java
with whitelisted bypass.
What sane MTA accepts bare executable attachments from the Internet at
large any more? The same policy should apply to PDFs.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #2: Anything worth shooting is worth
shooting twice. Ammo is cheap. Your life is expensive.
-----------------------------------------------------------------------
10 days until Albert Einstein's 137th Birthday
