Hi, I'm seeing an increase in the number of QR code spam that isn't being
caught. I'm not even sure it's being checked using zbarimg. Here's what I
have in ExtractText.cf:

extracttext_external    zbar            /usr/bin/zbarimg -D {}
extracttext_use         zbar            .jpg .png .pdf .webp
image/(?:jpeg|png) application/pdf
add_header              all             ExtractText-Uris _EXTRACTTEXTURIS_

Here's an example of the encoded PDF in an email that appears not to have
been scanned. Should I add "application/octet-stream" to the
extracttext_use line in addition to the others?

--===============5303414978067341145==

Content-Type: application/octet-stream
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Telecommuting_Policy_2025-07-01.pdf"

JVBERi0xLjQKMSAwIG9iago8PAovVGl0bGUgKP7/AFIAZQBtAG8AdABlACAAVwBvAHIAawAgAFAA
bwBsAGkAYwB5ACAAfAAgAEkAbgB0AGUAcgBuAGEAbAAgAEgAUgAgAFAAbwByAHQAYQBsKQovQ3Jl
YXRvciAo/v8AdwBrAGgAdABtAGwAdABvAHAAZABmACAAMAAuADEAMgAuADYpCi9Qcm9kdWNlciAo

When I run zbarimg on the saved PDF directly, it does reveal the QR-code
link within the PDF.

Also, it's very slow because it has to spawn the binary with every request.
Is there a way to load it into memory or use a library version to avoid
having to do this every time? Sometimes salespeople send emails to 50+
people at a time with a legitimate PDF, but it has to spawn zbarimg for
each of them, nevertheless, so it could eventually be a denial-of-service.

Reply via email to