It would be possible to decrypt the pdf and scan it for malicious content. The decryption process would be a bit expensive. The document below gives an overview of PDF encryption.
http://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt Currently libpoppler supports encrypted PDF files. > If they're encrypted they should simply be rejected. Maybe this is the correct way to handle encrypted PDF files, although I know of a few companies and individuals that are email legitimate encrypted pdf files. It might be nice to implement this in Clam and simply add a CL_SCAN_PDF_ENCRYPTED flag to the API. Steve David Hinkle wrote: > If they're encrypted they should simply be rejected. Just like an > encrypted zip, vastly more likely to be a virus than anything > legitimate. > > David > > On 10/30/07, Gianluigi Tiesi <[EMAIL PROTECTED]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Steve McDaniel wrote: >> >>> Is anyone working on adding support for handling encrypted PDF files? >>> >> there is a way to decrypt them? >> perhaps if there is one what should be the point >> to encrypting pdf? >> >> Regards >> >> - -- >> Gianluigi Tiesi <[EMAIL PROTECTED]> >> EDP Project Leader >> Netfarm S.r.l. - http://www.netfarm.it/ >> Free Software: http://oss.netfarm.it/ >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.1 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFHJ8aO3UE5cRfnO04RAlc7AJ9Zz06QR0KBXsaFy+rVd1/tXShKAQCfb3u2 >> gc47woFJVtpe4Jp2OoNdGB8= >> =GvoY >> -----END PGP SIGNATURE----- >> _______________________________________________ >> http://lurker.clamav.net/list/clamav-devel.html >> Please submit your patches to our Bugzilla: http://bugs.clamav.net >> >> > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
