Most effective way of screening .pdf .doc .rtf .mht for keylogger/malware

Discussion in 'other security issues & news' started by Anthoo, Apr 17, 2009.

Thread Status:
Not open for further replies.
  1. Anthoo

    Anthoo Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    15
    Anyone have advice on the best AV or HIPS for screening or independent
    stand-alone online or download that can screen .pdf .doc .rtf .mht formatted files.

    Keylogger is potentially bespoke written and malware unknown?

    Regards
    Ant
     
    Anthoo, Apr 17, 2009
    #1
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,027
    Hello,

    These files do not contain executable malware per se. They will usually contain macro code, scripts and similar that will try to trigger downloads of additional, executable code from servers, so that it may be ran on the machine.

    These executions can only work if your system is vulnerable to remote execution, i.e. things can run without your explicit double-click.

    To solve the issue:

    Open docs in non-MS office programs, like OpenOffice or open them in MS office programs with macros disabled.
    Open emails in plain text (not html or scripts).
    Open pdfs with javascript disabled.
    Open mht files with javascript disabled.
    Open rtf in wordpad.

    So even if these files contain stuff, it won't be parsed and run and is therefore useless garbage.

    Mrk
     
    Mrkvonic, Apr 17, 2009
    #2
  3. Anthoo

    Anthoo Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    15
    Thx Mrk
    Excellent advice ;)
     
    Anthoo, Apr 17, 2009
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...