On Thu, 3 Mar 2016, John Hardin wrote:
On Thu, 3 Mar 2016, Dianne Skoll wrote:
On Thu, 3 Mar 2016 13:03:44 -0800
Marc Perkel <supp...@junkemailfilter.com> wrote:
Thanks for the response. I'm in the spam filtering business and I'm
wondering what I can use (from the command line?) to detect if a PDF
has any kind of script attached that would be executable. that way I
might block based on what's embedded in a PDF.
There are tools. Google is your friend.
However, many legitimate PDF files contain Javascript snippets. Blocking
solely on that basis will lead to many FPs.
I'd argue the "legitimate" part of that statement... :)
Many editable PDF forms use javascript for input validation, like most of the
PDF forms you can download from irs.gov. (I'm not going to get in an argument
with you about how "legitimate" the IRS is ;)
Sounds to me like it should be: block any PDF with javascript/flash/java with
whitelisted bypass.
What sane MTA accepts bare executable attachments from the Internet at large
any more? The same policy should apply to PDFs.
Don't tell me you've never seen HTML e-mail with embedded javascript?
Some content creators think that e-mail should be a full-fledged HTML page.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
