Cisco Secure Email Support Community
thke
Beginner

content filter on adobe containing java

Concerning the Adobe / Java vulnerability.
Does anybody know if it is possible to configure IronPort to filter .pdf attachments with Java?

http://isc.sans.org/diary.html?storyid=5902

6 Replies
kyerramr
Beginner

You could test this by setting up a filter to look for a mime type attachment application/javascript.

Donald Nash
Participant

You could test this by setting up a filter to look for a mime type attachment application/javascript.

PDF files are "application/pdf". They can contain embedded JavaScript, just as "text/html" files can. The media type "application/javascript" is for files that contain only JavaScript.

As to whether or not it is possible to detect a PDF with embedded JavaScript, that's for someone else to answer. It depends on how deeply, if at all, AsyncOS looks into PDFs. If you can do simple string matching against the contents of a PDF, and if JavaScript has some distinguishing string that you can look for, then that should be good enough. But I don't know enough about the internals of either AsyncOS or PDF to answer either one of those two "ifs".
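
The string-matching idea in the reply above, as an added Python example that is not part of the thread and not AsyncOS code. It goes beyond a plain substring search by also decoding hex-escaped names and inflating Flate-compressed streams, the two cases where a naive match fails. It assumes the PDF convention that script actions carry the names `/JavaScript` and `/JS` (not stated in the thread); the function names and sample bytes are constructed for illustration.

```python
import re
import zlib

# Constructed sample fragments, not real attachments.
_ACTION = b"<< /Type /Action /S /JavaScript /JS (void 0;) >>"
PLAIN = b"%PDF-1.4\n1 0 obj\n" + _ACTION + b"\nendobj\n"
# Same action with the names hex-escaped (#61 = 'a', #53 = 'S').
ESCAPED = PLAIN.replace(b"/JavaScript", b"/J#61v#61Script").replace(b"/JS ", b"/J#53 ")
# Same action stored inside a Flate-compressed object stream.
PACKED = (b"%PDF-1.5\n2 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode >>\n"
          b"stream\n" + zlib.compress(b"1 0 " + _ACTION) + b"\nendstream\nendobj\n")

JS_NAMES = {b"/JavaScript", b"/JS"}  # assumed markers, see lead-in
_NAME = re.compile(rb"/[^\x00\s/<>\[\]()%{}]+")  # one complete PDF name token
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def js_names(data):
    """Return the JavaScript-related PDF names in data, decoding #xx escapes."""
    found = set()
    for token in _NAME.findall(data):
        found.add(_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), token))
    return found & JS_NAMES


def scan_pdf(data):
    """Look for JavaScript names in the raw bytes and in inflatable streams."""
    result = {"raw": js_names(data), "inflated": set(), "opaque_streams": 0}
    for match in _STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line left before "endstream"
            body = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            result["opaque_streams"] += 1  # other filter or encrypted: not inspected
            continue
        result["inflated"] |= js_names(body)
    return result


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("escaped", ESCAPED), ("packed", PACKED)):
        print(label, scan_pdf(sample))
```

A non-zero `opaque_streams` count means part of the file could not be inspected, so an empty result for such a file does not show that it is free of JavaScript.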

Would the outbreak filters not catch something like this?

Scott

Donald Nash
Participant

Would the outbreak filters not catch something like this?

That depends on how much the infection spreads by e-mail. VOF looks for anomalous e-mail traffic flows, and so is geared toward identifying new email-borne outbreaks.

I'd actually expect antivirus software to work better here, but of course there is the normal latency involved for the AV companies to develop signatures.

craig.mccarty
Beginner

Did you ever find a solution for this?

I am trying to find a way to filter PDF attachments that contain JavaScript with C360. Does anyone know if that is possible? If not, do you know of another option/product that will accomplish that?
