On 2021-06-07 13:58, Benoît Panizzon wrote:
So extracing the link URI from a PDF and checking this against URI
blacklists would probably be more clever.
its not url, its if pdf excute javascripts or contains macros that
autoload malware, so url is irrelevant
google yara, and foxhole
i use
Hi Rupert
> A clickable picture should trigger a web client only if the pdf
> contains a script for this action, which you can detect using clamav.
Interesting, we use clamav. Is this some special setting? A quick
google search did not reveal how to do this.
But I suspect, PDF containing clickab
A clickable picture should trigger a web client only if the pdf contains a
script for this action, which you can detect using clamav.
Original Message
On Jun 4, 2021, 08:19, Benoît Panizzon < benoit.paniz...@imp.ch> wrote:
Hi Gang
In the last couple of weeks, I have seen a lot o
Hi Gang
In the last couple of weeks, I have seen a lot of spam mails containing
just one single PDF, hardly any other text. That PDF again contains a
clickable picture leading to some phishing site or similar.
Of course the URL in the PDF is not being checked against URI
Blacklists.
Also creatin
