On Thu, 3 Mar 2016, Dianne Skoll wrote:

> On Thu, 3 Mar 2016 13:27:18 -0800 (PST)
> John Hardin <jhar...@impsec.org> wrote:
>
>>> [Dianne Skoll]
>>> However, many legitimate PDF files contain Javascript snippets.
>>> Blocking solely on that basis will lead to many FPs.
>>
>> I'd argue the "legitimate" part of that statement... :)
>
> Well, maybe, but I think you'd lose that argument if you had to provide
> service to the clients we do.
>
>> Sounds to me like it should be: block any PDF with
>> javascript/flash/java with whitelisted bypass.
>
> If we did that, we'd have hundreds of support tickets pouring in... trust
> me on this. At least wrt Javascript. Not sure about Flash and I had no
> idea Java could be embedded in PDF... are you sure that's even possible?

I didn't think that a pure ".exe" could be embedded in PDF until I ran across
this little gem: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
(not sure if that vulnerability is still there, but people hang onto old systems
for a looong time...)
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
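
The policy debated in this thread (block PDFs that carry active content, with a bypass list), sketched as an added example that is not part of the original messages or of any filter the posters run. The function names, the `bypass_senders` parameter, the label strings and the sample PDFs are assumptions made for illustration; the scan is a raw keyword pass, so names inside compressed object streams are not seen and binary stream data can produce false hits.

```python
import re

# PDF name tokens mapped to the content types mentioned in the thread.
# /Launch is the action type that starts an external program; /RichMedia
# annotations carry Flash. Label strings are illustrative.
RISKY_NAMES = {
    "JS": "javascript", "JavaScript": "javascript",
    "Launch": "launch", "RichMedia": "flash",
    "EmbeddedFile": "embedded-file",
}

# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as /JavaScript."""
    plain = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def find_active_content(pdf_bytes: bytes) -> set:
    """Return the labels of risky name tokens present in the raw file."""
    found = set()
    for match in NAME_RE.finditer(pdf_bytes):
        label = RISKY_NAMES.get(decode_name(match.group(1)))
        if label:
            found.add(label)
    return found

def verdict(pdf_bytes: bytes, sender: str, bypass_senders=frozenset()):
    """Block on any active content unless the sender is on the bypass list."""
    found = find_active_content(pdf_bytes)
    if not found:
        return "pass", found
    if sender.lower() in bypass_senders:
        return "pass-bypassed", found
    return "block", found

# Constructed samples: a form-style script with an escaped name, and a plain file.
SAMPLE_FORM_JS = (b'%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n'
                  b'endobj\n2 0 obj\n<< /S /J#61vaScript '
                  b'/JS (this.getField\\("total"\\).value = 0;) >>\nendobj\n%%EOF\n')
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\n"
                b"endobj\n%%EOF\n")

if __name__ == "__main__":
    print(verdict(SAMPLE_FORM_JS, "clerk@example.org"))
    print(verdict(SAMPLE_FORM_JS, "forms@example.com", {"forms@example.com"}))
    print(verdict(SAMPLE_PLAIN, "clerk@example.org"))
```

Returning the matched labels alongside the verdict lets a site score `javascript` separately from `launch`, which is where the false-positive concern raised above applies.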