Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /kunden/567486_14057/des.pdfv.org/wp-content/plugins/simple-history/loggers/SimplePluginLogger.php on line 1077

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /kunden/567486_14057/des.pdfv.org/wp-content/plugins/simple-history/loggers/SimplePluginLogger.php on line 1095

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /kunden/567486_14057/des.pdfv.org/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php on line 650

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /kunden/567486_14057/des.pdfv.org/wp-content/plugins/types/vendor/toolset/types/embedded/includes/wpml.php on line 667
Antivirus Developers! PDF Is Not a “Surprise”! – PDF Association

Antivirus Developers! PDF Is Not a “Surprise”!

By Duff Johnson

6. May 2011

Article

There's a common complaint in the antivirus community, this time about PDF and Adobe Reader, the new frontier for viruses, worms and other cyber creepy-crawlies.

Case in point: a post on the Avast! blog entitled: Another nasty trick in malicious PDF. Following an innocuous quotation from an out-of-date version of the PDF Reference, the author says:

“That’s another surprise from PDF, another surprise from Adobe, of course. Who would have thought that a pure image algorithm might be used as a standard filter on any object stream you want? And that’s the reason why our scanner wasn’t successful in decoding the original content – we hadn’t expected such behavior. To be fair, any data (text or binary) can be declared as an monochrome two-dimensional image – that’s the reason why JBIG2 algorithm works here.”

Why is this a surprise? It is common practice since PDF was released in 1993 to use multiple filters to encode streams in a PDF file. Multiple filters on a stream has always been part of PDF. If virus-scanning software claims to scan PDF files, that implies the developer has read the PDF Reference and knows how to parse the PDF format.

PDF files aren't exactly unusual – they're everywhere! Google counts almost 300 million PDF files online, and there are billions more in banks, government agencies, and elsewhere. Given the popularity of PDF for well over a decade, there's nothing in the PDF Reference that should come as a “surprise”.

I expect antivirus software developers to consider the possibility that an image filter could be used to encode non-image objects for nefarious purposes. If they do not expect such a possibility then they have failed in their chosen responsibility of protecting the public.

Read the rest of the article on appligent.com

ABOUT THE AUTHORS

Duff Johnson

A veteran of the electronic document space, Duff Johnson is an independent consultant, Executive Director of the PDF Association and ISO Project co-Leader (and US TAG chair) for ISO 32000 and ISO 1428 …

No items found
You are here: Start > Antivirus Developers! PDF Is Not a “Surprise”!

(c) Assosiation for Digital Document Standards e.V. | Privacy Policy | Imprint