On Thu, 3 Mar 2016, David B Funk wrote:
On Thu, 3 Mar 2016, John Hardin wrote:
On Thu, 3 Mar 2016, Dianne Skoll wrote:
> However, many legitimate PDF files contain Javascript snippets.
> Blocking solely on that basis will lead to many FPs.
I'd argue the "legitimate" part of that statement... :)
Many editable PDF forms use javascript for input validation, like most of the
PDF forms you can download from irs.gov. (I'm not going to get in an argument
with you about how "legitimate" the IRS is ;)
That's about the only legitimate use I can think of, and surely that can
be done by less than a full programming language.
Sounds to me like it should be: block any PDF with javascript/flash/java
with whitelisted bypass.
What sane MTA accepts bare executable attachments from the Internet at
large any more? The same policy should apply to PDFs.
Don't tell me you've never seen HTML e-mail with embedded javascript?
Seen it? Yes. Defang it? Also yes.
Some content creators think that e-mail should be a full-fledged HTML page.
/me kicks sigmonster...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
End users want eye candy and the "ooo's and aaaahhh's" experience
when reading mail. To them email isn't a tool, but an entertainment
form. -- Steve Lake
-----------------------------------------------------------------------
10 days until Albert Einstein's 137th Birthday
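
The policy proposed in this message (reject a PDF that carries active content unless the sender is whitelisted), sketched as an added example that is not part of the original thread or of any MTA's own code. The name set, the sender list, and the sample byte strings are assumptions constructed for illustration.

```python
import re

# PDF name tokens that signal active content: JavaScript actions and
# RichMedia (Flash) annotations. Assumption: this set is illustrative.
ACTIVE_NAMES = {b"JS", b"JavaScript", b"RichMedia"}

# Hypothetical list of envelope senders allowed to bypass the block.
ALLOWED_SENDERS = {"forms@example.gov"}

# A PDF name is "/" followed by regular characters (no whitespace/delimiters).
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def active_content(pdf: bytes) -> set:
    """Return the active-content names found in the raw PDF bytes.

    Limitation: names inside compressed object streams are invisible to a
    raw scan; a production filter would inflate streams before scanning.
    """
    return {n for n in map(decode_name, _NAME.findall(pdf)) if n in ACTIVE_NAMES}


def verdict(pdf: bytes, sender: str) -> str:
    """Apply the policy: block active content, with a whitelisted bypass."""
    if not active_content(pdf):
        return "accept"
    if sender.lower() in ALLOWED_SENDERS:
        return "accept-whitelisted"
    return "reject"


# Constructed sample fragments, not real documents.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
FORM = b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS (validate\\(\\);) >>\nendobj\n"

if __name__ == "__main__":
    for label, pdf, sender in [
        ("plain PDF", PLAIN, "someone@example.com"),
        ("form, unknown sender", FORM, "someone@example.com"),
        ("form, whitelisted sender", FORM, "forms@example.gov"),
    ]:
        print(label, "->", verdict(pdf, sender))
```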