Here's a sample PDF with javascript that runs at startup (populates a field
with the current date).
On Fri, May 19, 2017 at 10:16 AM, K Post <nntp.p...@gmail.com> wrote:
> I tested with this new plugin installed and exe-bin blocking. This plugin
> now blocks all pdf's that have javascript embedded right? That's not what
> I experienced.
>
> I created a simple pdf with a button. That button's action was to run
> javascript to print the document. I emailed it to myself from gmail. It
> was received, not blocked.
>
> Am I missing something?
>
> On Fri, May 19, 2017 at 9:48 AM, K Post <nntp.p...@gmail.com> wrote:
>
>> Thanks for this!!!
>>
>> On Thu, May 18, 2017 at 10:22 AM, Thomas Eckardt <
>> thomas.ecka...@thockar.com> wrote:
>>
>>> Hi all,
>>>
>>> I've just published ASSP_AFC.pm version 4.48 at SF-CVS.
>>>
>>> This version contains an extension to detect embedded executable code in
>>> real PDF files, if 'exe-bin' files are not allowed in the assp
>>> configuration.
>>>
>>> Currently detected are:
>>>
>>> - java script - most times this is requred by the virus to open and run
>>> any other embedded code
>>> - ms office macros
>>> - exe and com files
>>> - wsh files
>>>
>>> This extension is hard coded. There is no way to make an exception to
>>> (e.g) :PDF - like for :ELF, :CSC :MSOM ...... - because such files are
>>> every time malicious!
>>>
>>> Currently it seems, that another ransomware attack is starting in
>>> preparation for the weekend! Distributed are such real PDF files per email!
>>> I don't think that there will be a stupid 'killswitch' in the new
>>> viruses to save the world.
>>>
>>> I just saw that ClamAV (sanesecurity signatures) detected most of them -
>>> they all are classified as UNOFFICIAL !!!!.
>>>
>>> Thomas
>>>
>>>
>>>
>>> DISCLAIMER:
>>> *******************************************************
>>> This email and any files transmitted with it may be confidential,
>>> legally privileged and protected in law and are intended solely for the use
>>> of the
>>> individual to whom it is addressed.
>>> This email was multiple times scanned for viruses. There should be no
>>> known virus in this email!
>>> *******************************************************
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Assp-test mailing list
>>> Assp-test@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>>
>>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
