Mailing List Archive: ClamAV: devel

Encrypted PDF's?

Index | Next | Previous | View Threaded

steven at illconscience

Oct 30, 2007, 1:41 PM

Post #1 of 4 (1649 views)
Permalink

Encrypted PDF's?

Is anyone working on adding support for handling encrypted PDF files?
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

sherpya at netfarm

Oct 30, 2007, 5:04 PM

Post #2 of 4 (1558 views)
Permalink

Re: Encrypted PDF's? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve McDaniel wrote:
> Is anyone working on adding support for handling encrypted PDF files?

there is a way to decrypt them?
perhaps if there is one what should be the point
to encrypting pdf?

Regards

- --
Gianluigi Tiesi <sherpya [at] netfarm>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHJ8aO3UE5cRfnO04RAlc7AJ9Zz06QR0KBXsaFy+rVd1/tXShKAQCfb3u2
gc47woFJVtpe4Jp2OoNdGB8=
=GvoY
-----END PGP SIGNATURE-----
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

drachs at gmail

Oct 31, 2007, 8:11 AM

Post #3 of 4 (1563 views)
Permalink

Re: Encrypted PDF's? [In reply to]

If they're encrypted they should simply be rejected. Just like an
encrypted zip, vastly more likely to be a virus than anything
legitimate.

David

On 10/30/07, Gianluigi Tiesi <sherpya [at] netfarm> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steve McDaniel wrote:
> > Is anyone working on adding support for handling encrypted PDF files?
>
> there is a way to decrypt them?
> perhaps if there is one what should be the point
> to encrypting pdf?
>
> Regards
>
> - --
> Gianluigi Tiesi <sherpya [at] netfarm>
> EDP Project Leader
> Netfarm S.r.l. - http://www.netfarm.it/
> Free Software: http://oss.netfarm.it/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHJ8aO3UE5cRfnO04RAlc7AJ9Zz06QR0KBXsaFy+rVd1/tXShKAQCfb3u2
> gc47woFJVtpe4Jp2OoNdGB8=
> =GvoY
> -----END PGP SIGNATURE-----
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

steven at illconscience

Oct 31, 2007, 1:07 PM

Post #4 of 4 (1550 views)
Permalink

Re: Encrypted PDF's? [In reply to]

It would be possible to decrypt the pdf and scan it for malicious
content. The decryption process would be a bit expensive. The document
below gives an overview of PDF encryption.

http://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt

Currently libpoppler supports encrypted PDF files.

> If they're encrypted they should simply be rejected.
Maybe this is the correct way to handle encrypted PDF files, although I
know of a few companies and individuals that are email legitimate
encrypted pdf files. It might be nice to implement this in Clam and
simply add a CL_SCAN_PDF_ENCRYPTED flag to the API.

Steve

David Hinkle wrote:
> If they're encrypted they should simply be rejected. Just like an
> encrypted zip, vastly more likely to be a virus than anything
> legitimate.
>
> David
>
> On 10/30/07, Gianluigi Tiesi <sherpya [at] netfarm> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Steve McDaniel wrote:
>>
>>> Is anyone working on adding support for handling encrypted PDF files?
>>>
>> there is a way to decrypt them?
>> perhaps if there is one what should be the point
>> to encrypting pdf?
>>
>> Regards
>>
>> - --
>> Gianluigi Tiesi <sherpya [at] netfarm>
>> EDP Project Leader
>> Netfarm S.r.l. - http://www.netfarm.it/
>> Free Software: http://oss.netfarm.it/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.1 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFHJ8aO3UE5cRfnO04RAlc7AJ9Zz06QR0KBXsaFy+rVd1/tXShKAQCfb3u2
>> gc47woFJVtpe4Jp2OoNdGB8=
>> =GvoY
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
>>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads