I don't really know much about MIME types but I did a bit of reading before making this post. Now I know that DLP can have response rules that govern PDFs and their content, but can it tell the difference between a PDF with text content as opposed to one without text content?
Basically, if someone had a PDF with confidential information that should show up in a policy, but the PDF was created with the text as pictures instead of readable text, is there a way to have DLP pick up that it's an image-based PDF and not a text-based one?
I'm not expecting it to be able to block the image-based one based on the confidential information, but possibly an organisation would prefer to just block sending those kinds of PDFs as a whole. Kinda excessive but just a scenario that I was playing around with in my head. They would have to block all sending of images too if they wanted the policy to be useful anyway...print screen is an easy workaround in some cases...or find some way to disable the print screen button =P
Right now, the only way I can think of making DLP stop it is if I were to write a policy that identified all PDFs with absolutely no text in them, combine that with a rule to identify PDFs with confidential information, then just block all of them.
I was just wondering if there was a way for DLP to identify those kinds of PDFs at a lower level.