Is it possible in the first place for malicious or executable code to occur in a PDF?
John T eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Markus Gufler > Sent: Tuesday, April 26, 2005 10:40 AM > To: [email protected] > Subject: RE: [Declude.Virus] Adobe PDF embedded attachemt > > > > Although Adobe recommends enabling scanning all file types in > > order to scan a PDF (and ass/u/me'ing its embedded contents > > as well), an AV scanner is not currently going to be able to > > scan this encrypted content until the content has been > > rendered/unencrypted at the desktop. > > Is there any info from Adobe or any AV-company about the ability/possibility > to scan and detect such encrypted content. > > If there is any possibilty to detect encrypted PDFs I think declude should > be prepared to add "BANEXT ePDF" to the config file before there will appear > the first worms... > > At this point maybe I can place also the feature request that we can block > certain (archiving) file types if they have a small size and a suspicious > file inside. For example all ZIP-files below 100 kB and any executable file > inside. This should help to block new virus variants until there are > available appropriate signatures from the AV-companies. I'm not 100% sure > but I can't imagine why someone should send a legit zip-file having a small > executable inside. > > Markus > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
