Most effective way of screening .pdf .doc .rtf .mht for keylogger/malware

Discussion in 'other security issues & news' started by Anthoo, Apr 17, 2009.

Thread Status:
Not open for further replies.
  1. Anthoo

    Anthoo Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    15
    Anyone have advice on the best AV or HIPS for screening or independent
    stand-alone online or download that can screen .pdf .doc .rtf .mht formatted files.

    Keylogger is potentially bespoke written and malware unknown?

    Regards
    Ant
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    These files do not contain executable malware per se. They will usually contain macro code, scripts and similar that will try to trigger downloads of additional, executable code from servers, so that it may be run on the machine.

    These executions can only work if your system is vulnerable to remote execution, i.e. things can run without your explicit double-click.

    To solve the issue:

    Open docs in non-MS office programs, like OpenOffice or open them in MS office programs with macros disabled.
    Open emails in plain text (not html or scripts).
    Open pdfs with javascript disabled.
    Open mht files with javascript disabled.
    Open rtf in wordpad.

    So even if these files contain stuff, it won't be parsed and run and is therefore useless garbage.

    Mrk
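
An added example, not part of the original thread or any poster's code: a static triage in Python that checks raw file bytes for the macro and script markers the reply above refers to, without opening the file in its viewer. The marker lists, function names and sample inputs are assumptions chosen for illustration; files are classified by content, not by extension.

```python
import base64
import email
import re

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
PDF_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")
RTF_WORDS = (b"\\object", b"\\objdata", b"\\objupdate")
HTML_MARKS = (b"<script", b"javascript:", b"vbscript:")

def _pdf_unescape(data):
    # PDF names may hide letters as #xx hex escapes, e.g. /J#61vaScript.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def triage(data):
    """Return a sorted list of active-content markers found in raw file bytes."""
    found = set()
    if b"%PDF-" in data[:1024]:
        plain = _pdf_unescape(data)
        for name in PDF_NAMES:
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", plain):
                found.add("pdf:" + name.decode())
    elif data.startswith(OLE_MAGIC):
        # Storage and stream names in an OLE2 directory are UTF-16LE.
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            found.add("doc:vba-macros")
    elif data.lstrip().startswith(b"{\\rt"):
        found.update("rtf:" + w.decode() for w in RTF_WORDS if w in data)
    else:
        # Treat as MHT: parse the MIME structure so base64 and
        # quoted-printable parts are decoded before matching.
        for part in email.message_from_bytes(data).walk():
            body = (part.get_payload(decode=True) or b"").lower()
            found.update("mht:" + m.decode() for m in HTML_MARKS if m in body)
    return sorted(found)

# Constructed samples (not real documents).
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n")
SAMPLE_RTF = b"{\\rtf1 plain text only}"
SAMPLE_MHT = (b"MIME-Version: 1.0\r\nContent-Type: text/html\r\n"
              b"Content-Transfer-Encoding: base64\r\n\r\n"
              + base64.b64encode(b"<script>alert(1)</script>") + b"\r\n")

if __name__ == "__main__":
    for label, blob in (("pdf", SAMPLE_PDF), ("rtf", SAMPLE_RTF), ("mht", SAMPLE_MHT)):
        print(label, triage(blob))
```

An empty result is not proof of a clean file: PDF object streams can be compressed, which hides these names from a raw byte scan.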
     
  3. Anthoo

    Anthoo Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    15
    Thx Mrk
    Excellent advice ;)
     