Ask Slashdot: How Do You Automatically Sanitize PDF Email Attachments?

Posted by samzenpus on Wednesday July 17, 2013 @02:03PM from the get-to-scrubbing dept.

First time accepted submitter supachupa writes "It seems the past couple of years that spearfishing is getting very convincing and it is becoming more and more likely someone (including myself) will accidentally click on a PDF attachment with malicious javascript embedded. It would be impossible to block PDFs as they are required for business. We do disable javascript on Adobe reader, but I would sleep a lot better knowing the code is removed completely. I have looked high and low but could not find a cheap out of the box solution or a 'how to' guide for automatically neutralizing PDFs by stripping out the javascript. The closest thing I could find is using PDF2PS and then reversing the process with PS2PDF. Does anyone know of a solution for this that is not too complex, works preferably at the SMTP relay, and can work with ZIPed PDFs as well, or have some common sense advice for dealing with this so that once its in place, there is no further action required by myself or by users."

3 of 238 comments (clear)

Min score:

Reason:

Sort:

Foxit Reader? by Anonymous Coward · 2013-07-17 14:06 · Score: 5, Informative

As far as I know, Foxit Reader strips out any JavaScript. The PDF readers in Chrome and Firefox also should do the same.
Be careful modifying documents by Anonymous Coward · 2013-07-17 14:14 · Score: 5, Informative

You can change the legality of a document for example by modifying it.
A solution that modifies the PDF viewer is much better than one that alters the document. That means not using Adobe. Pity the company refuses to build a version that doesn't do Javascript in the first place.
acrobat reader sanitized 100% by jjohn_h · 2013-07-17 18:43 · Score: 5, Informative

In the install tree find the file JSByteCodeWin.bin and rename it. Works for me.