Access to PDF files is blocked due to the files are incorrectly decomposed to contain a zero byte javascript file.

Article:TECH210613  |  Created: 2013-09-16  |  Updated: 2013-10-10  |  Article URL http://www.symantec.com/docs/TECH210613
Article Type
Technical Solution


Issue



You are configuring Symantec Protection Engine (SPE) to block javascript files.  

From the SPE console, under Policies --> Filtering --> Files, under the section "Blocking by File Name", the following settings are configured:

1. "Block files with the following names (one per line)" is checked.
2. "Block access to the file or message" is chosen and "*.js" is added.

When SPE scans PDF file, it blocks the file with the File policy violation triggered.

In addition, when using commandline scanner to scan the PDF file, the following output can be observed:

File name: Actual PDF file name.pdf/javaScriptFile.js
Virus name: File policy violation File Name Blocked
Virus ID: -1
Unscannable: False
Disposition: Infected
 


Environment



 SPE 7.0.2 or lower


Cause



Decomposer from SPE extracts zero byte javascript file even there is no javascript embedded in PDF file.


Solution



Symantec is aware of this issue and will update this document when a solution becomes available.


Supplemental Materials

SourceETrack
Value3303631


Article URL http://www.symantec.com/docs/TECH210613


Terms of use for this information are found in Legal Notices