Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

content filter on adobe containing java

Concerning the adobe / java vulnarability.
Does anybody know if it is possible to configure ironport to filter .pdf attachements with java?

http://isc.sans.org/diary.html?storyid=5902

6 REPLIES
New Member

Re: content filter on adobe containing java

You could test this by setting up a filter to look for a mime type attachment application/javascript.

New Member

Re: content filter on adobe containing java

You could test this by setting up a filter to look for a mime type attachment application/javascript.

PDF files are "application/pdf". They can contain embedded JavaScript, just as "text/html" files can. The media type "application/javascript" is for files that contain only JavaScript.

As to whether or not it is possible to detect a PDF with embedded JavaScript, that's for someone else to answer. It depends on how deeply, if at all, AsyncOS looks into PDFs. If you can do simple string matching against the contents of a PDF, and if JavaScript has some distinguishing string that you can look for, then that should be good enough. But I don't know enough about the internals of either AsyncOS or PDF to answer either one of those two "ifs".

New Member

Re: content filter on adobe containing java

Would the outbreak filters not catch something like this?

Scott

New Member

Re: content filter on adobe containing java

Would the outbreak filters not catch something like this?

Scott

New Member

Re: content filter on adobe containing java

Would the outbreak filters not catch something like this?

That depends on how much the infection spreads by e-mail. VOF looks for anomalous e-mail traffic flows, and so is geared toward identifying new email-borne outbreaks.

I'd actually expect antivirus software to work better here, but of course there is the normal latency involved for the AV companies to develop signatures.

New Member

Re: content filter on adobe containing java

Did you ever find a solution for this?

I am trying to find a way to filter PDF attachments that contain JavaScript with C360.  Does anyone know if that is possible?  If no, do you know of another option/product that will accomplish that?

611
Views
0
Helpful
6
Replies
CreatePlease to create content