On Thu, 3 Mar 2016 13:27:18 -0800 (PST) John Hardin <jhar...@impsec.org> wrote:
[Dianne Skoll] > > However, many legitimate PDF files contain Javascript snippets. > > Blocking solely on that basis will lead to many FPs. > I'd argue the "legitimate" part of that statement... :) Well, maybe, but I think you'd lose that argument if you had to proved service to the clients we do. > Sounds to me like it should be: block any PDF with > javascript/flash/java with whitelisted bypass. If we did that, we'd have hundreds of support tickets pouring in... trust me on this. At least wrt Javascript. Not sure about Flash and I had no idea Java could be embedded in PDF... are you sure that's even possible? Regards, Dianne.
