braktech edited this page Apr 25, 2016 · 3 revisions

Exchange Defend: PDF

Exchange Defend: PDF (xdpdf) is designed to quickly and transparently render inert potentially malicious parts of a PDF document traversing a Microsoft Exchange server. Whenever xdpdf changes a PDF document it will advise the recipient of the email and keep a copy for administrative review if necessary.

The main goal of the project is to remove from the user the burden of making security decisions based upon the (usually incomplete) information available in an email. By removing potentially malicious behaviours from the PDFs users are protected from all malicious PDFs, which constitute the majority of malicious emails currently seen 'in the wild'.

See also: Design Philosophy


xdpdf works in the following way:

  1. It detects a PDF
  2. It scans the PDF for potentially undesirable keywords
  3. If a keyword is matched, xdpdf will: 1. copy the PDF to an administrator-specified location 1. overwrite the first two bytes of the keyword, preventing execution by the PDF reader 1. notify the user, instructing them to contact their mail administrator if they require the original document

See also: Implementation Notes


xdpdf is highly configurable. It has multiple log levels, as well as allowing administrative configuration of log and quarantine directories. In addition the administrator can specify if xdpdf should believe the attachment extension or MIME-type supplied by Exchange, or perform speedy PDF detection on all incoming attachments.

See also: Configuration

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.