One line of bad JS code is enough to completely destroy an IT environment 
(petabytes of data and thousands of machines in a few minutes).
Such code can be encrypted, encoded and obfuscated in any unthinkable 
way.

It is simply not possible to classify JS code or to know how any of the 
hundreds of PDF viewers will act on such code.

Accepting executable code from a sender is not a matter of classification 
- it is a matter of TRUST! (I trust no one without human code 
verification.)

Define ':CERTPDF' and request the sender to sign their PDF files.

For now, assp only checks that there is a certificate. In a future 
release the certificates may be verified and/or compared to a provided 
CERT-list.



Thomas





From:    K Post <nntp.p...@gmail.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    09.08.2017 15:54
Subject: [Assp-test] More PDF Javascript catches




I really like the javascript detection in PDF files, but I've seen lots of 
false positives too.  

I keep meaning to report it.  One file that just got caught has only 2 
lines of javascript

6 0 obj
<</S/JavaScript/JS(this.zoom = 100;)>>
endobj


and

33 0 obj
<</Dests 31 0 R/JavaScript 32 0 R>>
endobj

Is there anything more that could be done to be less aggressive but still 
give us good protection?

Thanks! 
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
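
The following is an added example, not part of the thread and not ASSP's code. It shows why both quoted objects are caught by a key-name check no matter what the script does, why a plain substring search misses names written with PDF "#xx" escapes, and what a presence-only signature check amounts to. Object 40, object 60 and all function names are constructed for illustration; only uncompressed objects are scanned.

```python
import re

# Constructed sample: the two objects quoted in the thread, one object whose
# names use PDF "#xx" hex escapes, and one harmless catalog object.
SAMPLE = (
    b"%PDF-1.4\n"
    b"6 0 obj\n<</S/JavaScript/JS(this.zoom = 100;)>>\nendobj\n"
    b"33 0 obj\n<</Dests 31 0 R/JavaScript 32 0 R>>\nendobj\n"
    b"40 0 obj\n<</S/J#61vaScript/J#53 41 0 R>>\nendobj\n"
    b"50 0 obj\n<</Type/Catalog/Pages 2 0 R>>\nendobj\n"
)
# Constructed signature dictionary appended to the sample.
SIGNED = SAMPLE + b"60 0 obj\n<</Type/Sig/ByteRange[0 9 20 9]/Contents<00>>>\nendobj\n"

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
JS_NAMES = {b"JS", b"JavaScript"}

def _unescape(match):
    """Turn one '#xx' escape into the byte it stands for."""
    return bytes([int(match.group(1), 16)])

def names_in(body):
    """Return the set of name objects in a body, with #xx escapes decoded."""
    return {ESCAPE_RE.sub(_unescape, n) for n in NAME_RE.findall(body)}

def javascript_objects(pdf):
    """Map object number -> JavaScript-related names found in that object."""
    hits = {}
    for num, body in OBJ_RE.findall(pdf):
        found = names_in(body) & JS_NAMES
        if found:
            hits[int(num)] = sorted(n.decode() for n in found)
    return hits

def naive_match(pdf):
    """Plain substring search, as a baseline that ignores name escapes."""
    return [int(n) for n, body in OBJ_RE.findall(pdf)
            if b"/JS" in body or b"/JavaScript" in body]

def has_signature_dict(pdf):
    """Presence check only: some object carries /ByteRange. Nothing is verified."""
    return any(b"ByteRange" in names_in(body) for _, body in OBJ_RE.findall(pdf))

if __name__ == "__main__":
    print(javascript_objects(SAMPLE))
    print(naive_match(SAMPLE))
    print(has_signature_dict(SAMPLE), has_signature_dict(SIGNED))
```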



