
List:       clamav-devel
Subject:    Re: [Clamav-devel] Encrypted PDF's?
From:       Steve McDaniel <steven () illconscience ! com>
Date:       2007-10-31 20:07:56
Message-ID: 4728E09C.3020101 () illconscience ! com

It would be possible to decrypt the pdf and scan it for malicious 
content. The decryption process would be a bit expensive. The document 
below gives an overview of PDF encryption.

http://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt

Currently libpoppler supports encrypted PDF files.

 > If they're encrypted they should simply be rejected.
Maybe this is the correct way to handle encrypted PDF files, although I 
know of a few companies and individuals that are emailing legitimate 
encrypted PDF files. It might be nice to implement this in Clam and 
simply add a CL_SCAN_PDF_ENCRYPTED flag to the API.

Steve


David Hinkle wrote:
> If they're encrypted they should simply be rejected.   Just like an
> encrypted zip, vastly more likely to be a virus than anything
> legitimate.
>
> David
>
> On 10/30/07, Gianluigi Tiesi <sherpya@netfarm.it> wrote:
>   
>> Steve McDaniel wrote:
>>     
>>> Is anyone working on adding support for handling encrypted PDF files?
>>>       
>> Is there a way to decrypt them?
>> Perhaps, if there is one, what would be the point
>> of encrypting a PDF?
>>
>> Regards
>>
>> - --
>> Gianluigi Tiesi <sherpya@netfarm.it>
>> EDP Project Leader
>> Netfarm S.r.l. - http://www.netfarm.it/
>> Free Software: http://oss.netfarm.it/
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>>     

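The two positions in this thread (reject every encrypted PDF, or scan it when a flag is set) both start from detecting the /Encrypt entry that an encrypted PDF carries in its trailer dictionary. The sketch below is an added example, not ClamAV code and not from any poster: SCAN_PDF_ENCRYPTED, the verdict enum and the sample buffers are hypothetical, and the check is a byte-level heuristic rather than a real trailer parser.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical option bit, named after the flag proposed in the message. */
#define SCAN_PDF_ENCRYPTED 0x1u

enum pdf_verdict { PDF_NOT_PDF, PDF_CLEAR, PDF_ENCRYPTED_REJECT, PDF_ENCRYPTED_SCAN };

/* Constructed sample inputs (not real documents). */
static const char SAMPLE_ENC[] =
    "%PDF-1.4\n1 0 obj\n<< /Filter /Standard /V 1 /R 2 >>\nendobj\n"
    "trailer\n<< /Size 2 /Root 3 0 R /Encrypt 1 0 R >>\n%%EOF\n";
static const char SAMPLE_CLEAR[] =
    "%PDF-1.4\n% mentions /EncryptMetadata only\n"
    "trailer\n<< /Size 2 /Root 3 0 R >>\n%%EOF\n";

/* Binary-safe substring search: PDFs may contain NUL bytes. */
static const char *find_bytes(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

/* 1 if the name /Encrypt occurs as a whole token (not /EncryptMetadata). */
int pdf_has_encrypt_key(const char *buf, size_t len)
{
    const char *p = buf, *end = buf + len;
    while ((p = find_bytes(p, (size_t)(end - p), "/Encrypt")) != NULL) {
        const char *q = p + 8; /* first byte after the name */
        if (q == end || isspace((unsigned char)*q) || strchr("/<[(", *q))
            return 1; /* whitespace, NUL or a delimiter ends a PDF name */
        p = q;
    }
    return 0;
}

/* Reject encrypted PDFs by default; hand them to a decrypting scanner only
 * when the caller opted in. Over-reporting fails closed. */
enum pdf_verdict pdf_encryption_policy(const char *buf, size_t len, unsigned opts)
{
    if (len < 5 || memcmp(buf, "%PDF-", 5) != 0)
        return PDF_NOT_PDF;
    if (!pdf_has_encrypt_key(buf, len))
        return PDF_CLEAR;
    return (opts & SCAN_PDF_ENCRYPTED) ? PDF_ENCRYPTED_SCAN : PDF_ENCRYPTED_REJECT;
}
```

Because the search covers the whole buffer, a document that merely contains the token in stream data is also treated as encrypted, which errs on the side of rejecting.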