Exchange Defend: PDF
Exchange Defend: PDF (xdpdf) is designed to quickly and transparently render inert potentially malicious parts of a PDF document traversing a Microsoft Exchange server. Whenever xdpdf changes a PDF document it will advise the recipient of the email and keep a copy for administrative review if necessary.
The main goal of the project is to remove from the user the burden of making security decisions based upon the (usually incomplete) information available in an email. By removing potentially malicious behaviours from the PDFs, users are protected from all malicious PDFs, which constitute the majority of malicious emails currently seen 'in the wild'.
See also: Design Philosophy
xdpdf works in the following way:
- It detects a PDF
- It scans the PDF for potentially undesirable keywords
- If a keyword is matched, xdpdf will:
  1. copy the PDF to an administrator-specified location
  2. overwrite the first two bytes of the keyword, preventing execution by the PDF reader
  3. notify the user, instructing them to contact their mail administrator if they require the original document
See also: Implementation Notes
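The detect, scan and overwrite steps above can be sketched as follows. This is an added example, not xdpdf's own code: the keyword list, the `xx` replacement bytes, the choice to leave the leading `/` intact, and the handling of `#xx`-escaped names are all assumptions, and the sample document is constructed.

```python
import re

# Assumed keyword list; the page does not name the keywords xdpdf matches.
KEYWORDS = {b"JavaScript", b"JS", b"OpenAction", b"Launch"}
# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: one plain keyword, one hex-escaped, one short (/JS).
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")


def is_pdf(data: bytes) -> bool:
    """Content-based detection: the %PDF- header may sit anywhere in the first 1024 bytes."""
    return b"%PDF-" in data[:1024]


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so that J#61vaScript compares equal to JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def neutralise(data: bytes):
    """Return (output bytes, [(offset, keyword), ...]) for every matched keyword."""
    if not is_pdf(data):
        return data, []
    out = bytearray(data)
    hits = []
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in KEYWORDS:  # whole-name match, so /JSFoo is not treated as /JS
            start = m.start(1)
            # Overwrite two bytes in place: the file length is unchanged, so
            # the byte offsets in the cross-reference table remain valid.
            out[start:start + 2] = b"xx"
            hits.append((start, name.decode("ascii")))
    return bytes(out), hits


if __name__ == "__main__":
    cleaned, found = neutralise(SAMPLE)
    print(found)
    print(cleaned.decode("latin-1"))
```

A byte-level scan like this only sees keywords stored in the clear; names inside compressed streams are not visible to it.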
xdpdf is highly configurable. It has multiple log levels and allows administrative configuration of the log and quarantine directories. In addition, the administrator can specify whether xdpdf should believe the attachment extension or MIME type supplied by Exchange, or perform speedy PDF detection on all incoming attachments.
See also: Configuration