fixes in assp 2.5.6 build 17142

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

fixes in assp 2.5.6 build 17142

Thomas Eckardt/eck
Hi all,

fixed in assp 2.5.6 build 17142:

- the changes in assp.pl are only related to the updated ASSP_AFC V4.52

changed:

- ASSP_AFC.pm version 4.52 is released.
  This version is able to detect maliciouse executable code in PDF attachments
  The following blocking exception can be configured in blocking levels and 'userAttach'
 
 :PDF - adobe PDF file with embedded executable code or microsoft office macros files, JavaScript and bad URIs
  (using the :PDF exception is not recommended as this will disable all PDF executable scanning)
 :CERTPDF - certificate signed adobe PDF file
 :JSPDF - adobe PDF file with JavaScript inside - notice: well known malicious JavaScript combinations will be blocked,
  even this option is defined
 :URIPDF - adobe PDF file with URIs to download exeutables from the web or to open local files

Thomas



DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: fixes in assp 2.5.6 build 17142

K Post
I still think that you should note in the GUI that exe-bin blocking does NOT block every PDF that has javascript in them - just those that seem suspicious.  

Otherwise, people will put JSPDF as an exception, out of fear that too many legitimate pdf's will be blocked. For example, we (unfortunately and irritatingly) get a lot of PDF files from legitimate sources that are fill out forms with lots of javascript in them. Had you and I not had the discussion that enlightened me that the AFC plugin intelligently scans javascript, I would have immediately put JSPDF as an exception because we need to insure that these files still reach us.  

On Mon, May 22, 2017 at 8:07 AM, Thomas Eckardt <[hidden email]> wrote:
Hi all,

fixed in assp 2.5.6 build 17142:

- the changes in assp.pl are only related to the updated ASSP_AFC V4.52

changed:

- ASSP_AFC.pm version 4.52 is released.
  This version is able to detect maliciouse executable code in PDF attachments
  The following blocking exception can be configured in blocking levels and 'userAttach'
 
 :PDF - adobe PDF file with embedded executable code or microsoft office macros files, JavaScript and bad URIs
  (using the :PDF exception is not recommended as this will disable all PDF executable scanning)
 :CERTPDF - certificate signed adobe PDF file
 :JSPDF - adobe PDF file with JavaScript inside - notice: well known malicious JavaScript combinations will be blocked,
  even this option is defined
 :URIPDF - adobe PDF file with URIs to download exeutables from the web or to open local files

Thomas



DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: fixes in assp 2.5.6 build 17142

Thomas Eckardt/eck
>that the AFC plugin intelligently scans javascript

in doubt, the decision is 'block'

>I would have immediately put JSPDF as an exception

yes - this is the case, for whixh this  switch is implemented

Thomas




Von:        K Post <[hidden email]>
An:        ASSP development mailing list <[hidden email]>
Datum:        22.05.2017 19:13
Betreff:        Re: [Assp-test] fixes in assp 2.5.6 build 17142




I still think that you should note in the GUI that exe-bin blocking does NOT block every PDF that has javascript in them - just those that seem suspicious.  

Otherwise, people will put JSPDF as an exception, out of fear that too many legitimate pdf's will be blocked. For example, we (unfortunately and irritatingly) get a lot of PDF files from legitimate sources that are fill out forms with lots of javascript in them. Had you and I not had the discussion that enlightened me that the AFC plugin intelligently scans javascript, I would have immediately put JSPDF as an exception because we need to insure that these files still reach us.  

On Mon, May 22, 2017 at 8:07 AM, Thomas Eckardt <Thomas.Eckardt@...> wrote:
Hi all,

fixed in assp 2.5.6 build 17142:


- the changes in
assp.pl are only related to the updated ASSP_AFC V4.52

changed:


- ASSP_AFC.pm version 4.52 is released.
  This version is able to detect maliciouse executable code in PDF attachments

  The following blocking exception can be configured in blocking levels and 'userAttach'

 
 :PDF - adobe PDF file with embedded executable code or microsoft office macros files, JavaScript and bad URIs

  (using the :PDF exception is not recommended as this will disable all PDF executable scanning)

 :CERTPDF - certificate signed adobe PDF file

 :JSPDF - adobe PDF file with JavaScript inside - notice: well known malicious JavaScript combinations will be blocked,

  even this option is defined

 :URIPDF - adobe PDF file with URIs to download exeutables from the web or to open local files


Thomas



DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list

[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Loading...