Bugtraq mailing list archives
Re: Adobe PDF files can be used as virus carriers
From: Lars Hecking <lhecking () nmrc ie>
Date: Thu, 9 Aug 2001 10:20:50 +0100
[Moderator: reposted as requested by da () securityfocus com]
What this means is that virus scanners will now need to "reach inside" PDFs to scan encapsulated files. But what -- as I'm sure our Russian friend Dmitri would ask -- if the PDF is encrypted? Wouldn't the virus checker have to defeat the encryption to see the encapsulated file? And would it be an illegal "circumvention" mechanism if it did?
So what? The problem is not new - it already exists with zip files, and generally with all types of encrypted files. Here's e.g. what Sophos sweep tells you when encountering an encrypted zip file (here, it's inside an self-extracting zip archive. Aug 3 17:27:29 localhost amavis[16194]: Password protected file /tmp/amavis-10411997/parts/msg-16194-2.exe/SfxArchiveData/SETUP.WZ/WINZIP32.EX_ I would be extremely suspicious about "encryption" that can be circumvented by, say, a virus scanner. Is encryption really the problem as far as viruses are concerned? I'd say it is not. Decryption requires manual intervention by the user, and after that the problem is the same as before: applications that execute stuff automatically by default, or make it easy to circumvent any safeguards the user may have set. The new threat is that a hitherto unused file format is now used as a vector. Big deal.
Current thread:
- Adobe PDF files can be used as virus carriers Richard M. Smith (Aug 07)
- Re: Adobe PDF files can be used as virus carriers Nick FitzGerald (Aug 07)
- Re: Adobe PDF files can be used as virus carriers Brett Glass (Aug 08)
- <Possible follow-ups>
- Re: Adobe PDF files can be used as virus carriers Lars Hecking (Aug 09)