On Wed, 2017-09-13 at 20:36 -0400, Alex wrote: > I understood that without the password the document would not be > visible, not just that it couldn't be changed. > Thats my understanding too. I've always been unable to see a password protected PDF until I supply the password: all you see when attempting to open it is the small password entry pop-up.
> I didn't see that there was ever a password required. I was able to > view the PDF and click the link enclosed. > In that case the PDF wasn't password protected. If you use the appropriate tools (less and some text editors, e.g. vi or gedit for those of us running Linux, BSD and other UNIX clones), you can see they have a similar structure to a multi-part email and, by reading their headers, you can see that the internal components can be compressed or encoded so its quite possible to build a non-passworded PDF which contains obfuscated and/or malicious content. I have a local rule that recognises harmful attachments by their extension. It include PDF in its extension list (along with exe, rtf, doc, docx and vbs) and scores them at 1.5 because all are executable or may contain macros that may activate when the attachment is opened. Martin
