Mailing List Archive

Re: Subject: behaviour of clamAV with password protected pdf file.
> Hi team ,
> We are using clamAVClient for scanning pdf and xlsx files in our Java
> program. We came across the query,
> does clamAV scan password protected pdf file or not? If yes ,
> how we can restrict it? Kindly suggest. Best regards, Nahin Bagwan

How do you expect ClamAV to know the password to decode the encrypted
files?

No it does not because it cannot.

If you are concerned that encrypted files could be a security,
quarantine these emails.

Best regards,

Olivier
--
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Subject: behaviour of clamAV with password protected pdf file. [ In reply to ]
Compared to the following, encrypted PDFs are a very minor issue (in my opinion).

Most websites these days use HTTPS ("for security"), and make extensive use of Javascript (find a site that doesn't). This means that browsers are always executing code that can't be scanned (at least by ClamAV).

This flies in the face of the advice that we used to get in the days of DOS and early Windows -- don't download and execute code from random sources. Yet modern websites tend to pull Javascript from all over (as can be seen if you use NoScript). This is especially problematic with financial sites. (Do they screen their Javascript partners?)

I still use HAVP (which uses the ClamAV library), but it doesn't do anything really useful with HTTPS traffic. HTTPS traffic is like an endless stream of encrypted PDFs -- PDFs can optionally execute code, but Javascript always does.

I presume that some kind of browser modification could be devised to scan Javascript, but Firefox (for one) made that much more difficult when they radically changed their internal architecture a few years ago (partly for "security", they say).


On Tue, 14 Feb 2023 13:49:48 +0700
Olivier via clamav-users <clamav-users@lists.clamav.net> wrote:

> > Hi team ,
> > We are using clamAVClient for scanning pdf and xlsx files in our Java
> > program. We came across the query,
> > does clamAV scan password protected pdf file or not? If yes ,
> > how we can restrict it? Kindly suggest. Best regards, Nahin Bagwan
>
> How do you expect ClamAV to know the password to decode the encrypted
> files?
>
> No it does not because it cannot.
>
> If you are concerned that encrypted files could be a security,
> quarantine these emails.
>
> Best regards,
>
> Olivier
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat