Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1596
Views
0
Helpful
1
Replies

Detect Javascript inside a PDF

eugenio.dipalma
Level 1
Level 1

‎12-27-2016 02:06 AM

Hi

Is there any way to block PDFdocument types that contain Javascript ? (Filters)

Labels:
0 Helpful
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎12-27-2016 02:44 AM

Hi Eugenio,

If you are looking for a specific javascript expression, the only solution is to use the message filter condition “attachment-binary-contains”.

However, filters such as below would not cover all kinds of javascripts inside PDF's since its not a security scanning engine.

PDF_JS_Finder: if attachment-binary-contains("^%PDF.*JavaScript/JS") {
notify ("personofinterest@company.com");
}

I do see an open internal feature request to allow thorough support for binary scanning of messages and attachments such as looking for the specific ASCII strings within PDF files that indicate the use of Javascript (""Javascript/JS"").

I would recommend using AMP scanning engines to detect malicious PDF attachments.

Regards,
Libin Varghese

0 Helpful
Customers Also Viewed These Support Documents