August 27, 2001

Product strips PDF files of nasty attachments, even for Linux systems

Author: JT Smith

- By Grant Gross -
Appligent Inc., a PDF-related applications provider, has released a free utility that protects some Linux and Unix users from PDF attachments, such as the recent Code Red worm.

Now, wait a second, wasn't Code Red a plague on Windows servers? Yes, but Appligent's utility makes more sense when you think about all the companies that use Linux or Unix mail servers in back of desktop networks that run other operating systems, says Mark Gavin, CTO of the Lansdowne, Pa., company.

Appligent's APStripFiles for Red Hat Linux, AIX, HP-UX, Sun Solaris, and Windows was released last week. From the accompanying press release: "Recent events, such as the Code Red Worm virus, have required the industry to rethink the safety of daily information transfer. One of
the mechanisms which has come under scrutiny has been the accepted
standard for document exchange, the PDF, or Portable Document Format
file. While this format is virtually immune to viruses, Adobe Acrobat
does allow the attachment of files to PDFs. This feature, if misused,
allows system vulnerability. Using our high-performance technology,
we produced a utility which will automatically strip any attachments
from PDFs without damage to the PDF itself."

Gavin adds that PDF files are universal containers. "You can really put anything into a PDF file," he says. "We've know for years that somebody could use a PDF file as a Trojan horse."

Appligent gives away APStripFiles and other small PDF-related utilities as a way to promote itself and several larger programs, such as SecurSign, which allows users to encrypt PDF documents on the server.

The APStripFiles utility took him about an hour to write using his company's SPDF library, Gavin says. "It's very easy for us to create small little utilities that do specific things," he says. "The problem is, if we actually sold it, that would be another (item) on our product list, and we have 10 already. It's actually easier for us to give it away for free than make a product and sell it."

The company offers for free several PDF-related utilities that Gavin doesn't think are feature-rich enough to be full products, but are useful nonetheless. In the case of APStripFiles, it's a little command-line utility that strips the attachments on PDFs and gives a report on what files they were, and who attached them. "It's a fairly simple utility that does what it's supposed to do and does it quickly," he says. "It strips the attachments from PDFs whether they're nefarious or not."

So does Gavin have Digital Millennium Copyright Act concerns about any of his products, especially since Adobe was involved initially in the Dmitry Sklyarov arrest? Gavin says Appligent has a relationship with Adobe, although it's not a very structured relationship.

Gavin admits, however, that he has some concern about updating the PDF encryption program SecurSign, which builds on Adobe security, because some of Adobe's 128-bit RC4 encryption code in its newest releases, Acrobat 5.0 and PDF 1.4, are not made public due to U.S. Commerce Department rules.

"We would very much like to take our SecurSign product and make it support standard Acrobat security at 128 bits," he says. "But to do that, we would need to reverse engineer what they've obfuscated. If we reserve-engineered their stuff ... and even though we're not decyrpting, in this case we're encrypting, it looks like we'd still be in violation of the DMCA."

Adobe, which first participated with the FBI in the Skylarov arrest, handled the situation badly, Gavin says, and would have been better served by fixing its security issues.

"Personally, I do not particularly think it's ethical to be producing a piece of software to basically go break other people's security, not matter how poorly implemented," he says of Skylarov's company Elcomsoft. "Whether that's illegal, I tend to think not."


  • Linux
Click Here!