Hi, I encountered an issue where ClamAV doesn't detect malicious payload in PDFs stored in a Launch Action. (PDF File Format Section 8.5.3 Action Types see "Launch Actions")
Here's an example: 8 0 obj << /Type /Action /S /Launch /Win << /F (cmd.exe) /P ( BLAH.. you get the point ...) >> >> endobj McAfee seems to detect this issue, admittedly in a very silly fashion but better than nothing, right... I was curious if there is something I am missing or maybe some past discussions on this topic. It seems like PDF Launch actions were a hot topic recently. Thanks in advance for any help with this! Best Regards, Atanas ---------------------------------------------------------------------- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
