[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-devel
Subject: Re: [Clamav-devel] Encrypted PDF's?
From: Steve McDaniel <steven () illconscience ! com>
Date: 2007-10-31 20:07:56
Message-ID: 4728E09C.3020101 () illconscience ! com
[Download RAW message or body]
It would be possible to decrypt the pdf and scan it for malicious
content. The decryption process would be a bit expensive. The document
below gives an overview of PDF encryption.
http://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt
Currently libpoppler supports encrypted PDF files.
> If they're encrypted they should simply be rejected.
Maybe this is the correct way to handle encrypted PDF files, although I
know of a few companies and individuals that are email legitimate
encrypted pdf files. It might be nice to implement this in Clam and
simply add a CL_SCAN_PDF_ENCRYPTED flag to the API.
Steve
David Hinkle wrote:
> If they're encrypted they should simply be rejected. Just like an
> encrypted zip, vastly more likely to be a virus than anything
> legitimate.
>
> David
>
> On 10/30/07, Gianluigi Tiesi <sherpya@netfarm.it> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Steve McDaniel wrote:
>>
>>> Is anyone working on adding support for handling encrypted PDF files?
>>>
>> there is a way to decrypt them?
>> perhaps if there is one what should be the point
>> to encrypting pdf?
>>
>> Regards
>>
>> - --
>> Gianluigi Tiesi <sherpya@netfarm.it>
>> EDP Project Leader
>> Netfarm S.r.l. - http://www.netfarm.it/
>> Free Software: http://oss.netfarm.it/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.1 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFHJ8aO3UE5cRfnO04RAlc7AJ9Zz06QR0KBXsaFy+rVd1/tXShKAQCfb3u2
>> gc47woFJVtpe4Jp2OoNdGB8=
>> =GvoY
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic