Definitions
    • PDF

    Definitions

    • PDF

    Article summary

    Acroforms

    An 'Acrobat Form' in addition to looking like a form, may also contain active code (e.g., JavaScript) which could be malicious. They can also be used to hide objects inside other objects.

    Actions all

    An action within a PDF may be benign, but it’s designed to make the document dynamic. An attacker may use the action to trigger active code (e.g., JavaScript) or send data to a URL. The functionality can be misused to cause harm to the recipient.

    Allow

    The file is analysed and rebuilt with the defined risky content left intact (the object is not removed).

    Eg. you can configure Word so that macros are allowed (not removed) from Word files.

    Digital signatures

    The source document may have been signed with a digital signature. Whilst the signing may not represent a threat, if the ownership and trust of the certificate chain has been compromised, this could trick a user into viewing a document that could contain something malicious. The sanitise setting is a good option to select if there is any doubt about the provenance of the document.

    Disallow

    The file is analysed but not rebuilt if the defined risky content is found during analysis.

    Eg. you can specify that macros are disallowed from Word files. Word files are analysed and if macros are found the file is not rebuilt and is not made available to you.

    Dynamic data exchange

    Dynamic data exchange within Microsoft documents is known to present risk as the protocol may be used to execute malicious code on the recipient's computer.

    Embedded files

    Embedded objects within files may present risk if they provide a way for active code to be triggered, or to hide data within a document.

    Embedded images

    Embedded images within files may present risk if they provide a way for malicious content to be hidden inside the image.

    External hyperlinks / Internal hyperlinks

    External and internal hyperlinks may appear innocent. However, a link in a document may appear to have a different destination than the real link. Caution is advised when clicking on links in documents.

    Macros & Javascript

    Macros & JavaScript are forms of active code, which may be benign in nature, but all too often are used by bad actors to mount an attack against the user or receiving system when expressed in a business document.

    Review Comments & Metadata

    Metadata can reveal information which the owner may not intend to disclose to the recipient, such as review comments, or the original author's name.

    Sanitise

    The file is analysed and rebuilt with the defined risky content removed.

    Eg. you can specify that macros are sanitised (removed) from Word files.


    Was this article helpful?