ASSP_AFC 4.48 was too weak
ASSP_AFC 4.49 is possibly too strict, but very safe - it allows to use the
':PDF' switch
I'm just looking for a way to prevent false positives.
Thomas
Von: K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 19.05.2017 16:28
Betreff: Re: [Assp-test] updated ASSP_AFC Plugin
Here's a sample PDF with javascript that runs at startup (populates a
field with the current date).
On Fri, May 19, 2017 at 10:16 AM, K Post <nntp.p...@gmail.com> wrote:
I tested with this new plugin installed and exe-bin blocking. This plugin
now blocks all pdf's that have javascript embedded right? That's not what
I experienced.
I created a simple pdf with a button. That button's action was to run
javascript to print the document. I emailed it to myself from gmail. It
was received, not blocked.
Am I missing something?
On Fri, May 19, 2017 at 9:48 AM, K Post <nntp.p...@gmail.com> wrote:
Thanks for this!!!
On Thu, May 18, 2017 at 10:22 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote:
Hi all,
I've just published ASSP_AFC.pm version 4.48 at SF-CVS.
This version contains an extension to detect embedded executable code in
real PDF files, if 'exe-bin' files are not allowed in the assp
configuration.
Currently detected are:
- java script - most times this is requred by the virus to open and run
any other embedded code
- ms office macros
- exe and com files
- wsh files
This extension is hard coded. There is no way to make an exception to
(e.g) :PDF - like for :ELF, :CSC :MSOM ...... - because such files
are every time malicious!
Currently it seems, that another ransomware attack is starting in
preparation for the weekend! Distributed are such real PDF files per
email!
I don't think that there will be a stupid 'killswitch' in the new viruses
to save the world.
I just saw that ClamAV (sanesecurity signatures) detected most of them -
they all are classified as UNOFFICIAL !!!!.
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test