[PLUG] scanning pdfs for viruses

John Jason Jordan johnxj at comcast.net
Sun Jan 9 17:57:30 UTC 2011


On Sun, 9 Jan 2011 01:54:31 -0800
Daniel Hedlund <daniel at digitree.org> wrote:

>On Sat, Jan 8, 2011 at 23:53, Keith Lofstrom <keithl at kl-ic.com> wrote:
>> Every once in a while, J. Random Technophile adds something cool to
>> my Server Sky wiki.  Recently, someone added a PDF attachment.  PDFs
>> apparently can contain viruses, so I opened this in a locked-down
>> account to make sure the content is OK, then uploaded it to an online
>> file virus scanner (virustotal.com).  Any other suggestions?

>Most viruses are targeted toward Adobe Reader and Windows.  I'm not
>sure I'd worry too much if you keep your system up to date and are
>using a reader such as evince or okular.  If you still have your
>doubts...

I have a few questions:

1) My understanding is that viruses contained in PDFs are JavaScript,
inasmuch as recent PDF versions allow JavaScript to be embedded. True
or not? Is there any other way to write malware into a PDF?

2) The code is executed only when the recipient opens the PDF, and it
must be opened only in Adobe Reader and a version prior to 9.0, or
Foxit Reader, more than a year old. Correct? Are there other readers
that can execute the code?

3) As far as I know there have been only two viruses so far. One
inserts the malware code into all the PDFs it finds on the computer,
and the other spams itself to every address it finds in Outlook. Is
this correct, or do I need further education?
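
Related to question 1 and to the thread subject, an added example that is not part of the original message: a triage check that counts PDF name objects associated with active content (JavaScript actions, auto-run actions, launch actions, embedded files) in an uploaded file. The function names and sample bytes are constructed for illustration, and the scan assumes the names are not hidden inside compressed object streams, which is why `/ObjStm` is reported too.

```python
import re
from collections import Counter

# PDF names tied to active content. A hit means "inspect further", not "malicious".
# ObjStm is listed because compressed object streams can hide the other names
# from a raw byte scan like this one.
ACTIVE_NAMES = {"JS", "JavaScript", "OpenAction", "AA", "Launch",
                "EmbeddedFile", "ObjStm"}

# A name is "/" followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#53 is recognised as /JS."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def active_content(pdf_bytes: bytes) -> Counter:
    """Count active-content names found anywhere in the raw file bytes."""
    hits = Counter()
    for match in NAME_RE.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            hits[name] += 1
    return hits


# Constructed sample fragments (not real documents).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_ACTIVE = (
    b"%PDF-1.7\n1 0 obj\n"
    b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /JavaScript /J#53 (app.alert\\('constructed sample'\\);) >>\n"
    b"endobj\n"
)

if __name__ == "__main__":
    for label, data in (("plain", SAMPLE_PLAIN), ("active", SAMPLE_ACTIVE)):
        print(label, dict(active_content(data)))
```

Because the scan reads raw bytes, a match inside binary stream data can be a false positive; treat the counts as a reason to look closer before publishing the attachment.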


