[Mimedefang] How to parse pdf files or pass them to spamassassin

Benoit Panizzon benoit.panizzon at imp.ch
Fri May 29 10:29:31 EDT 2015


Hi Dianne

That also was my second thought.

But I notice that the way the link is embedded in the PDF prevents it from 
being extracted by pdftotext.

Output of pdftotext:

===========
Sehr geehrte Kunden,
die Warensendung mit der Nummer 184982474614 wurde an das Transportunternehmen 
übergeben. Die
Auslieferung erfolgt voraussichtlich am 26.05.2015.
http://nolp.dhl.de/nextt-online-public/set_identcodes.do?lang=de&idc=184982474614. (ZIP Format)
Viele Grüße
Ihre DHL
===========

And three more 'blank' pages of white-on-white garbage text; they clearly 
want to trick Bayes filters...

Looking at the PDF code:

<< /Type /Annot
/Subtype /Link
/A 11 0 R
/Border [0 0 0]
/H /I
/Rect [ 209.6477 692.8435 281.6477 704.7235 ]
>>
endobj
11 0 obj
<< /Type /Action
/S /URI
/URI (http://MALWARE_URL)
>>
endobj

I'm not fluent in PDF, but I suppose that is a box placed on top of the 
visible link text, with an action to open that URI.
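
Since the real target only appears in the /URI entry of the action object, 
one way to get at it might be to scan the raw PDF bytes instead of the 
rendered text. The following is only a rough sketch in Python, not something 
I have run against this sample: the function name extract_uris is made up 
for illustration, and it assumes the action objects are stored uncompressed 
as literal strings, as in the excerpt above. It would miss URIs inside 
compressed object streams, hex strings, or strings with unescaped nested 
parentheses.

```python
import re

# Matches a literal-string URI entry such as "/URI (http://example.invalid/x)".
# The name "/URI" in "/S /URI" is not followed by "(", so it is skipped.
# Assumption: the object is uncompressed and uses a (...) literal string.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")


def extract_uris(pdf_bytes: bytes) -> list[str]:
    """Return the targets of all /URI entries found in raw PDF bytes."""
    uris = []
    for match in URI_RE.finditer(pdf_bytes):
        raw = match.group(1)
        # Undo the simple backslash escapes \( \) and \\ used in PDF strings.
        raw = re.sub(rb"\\([()\\])", rb"\1", raw)
        uris.append(raw.decode("latin-1"))
    return uris


if __name__ == "__main__":
    sample = b"<< /Type /Action\n/S /URI\n/URI (http://example.invalid/x)\n>>"
    for uri in extract_uris(sample):
        print(uri)
```

The extracted URLs could then be handed to whatever URL checks are already 
in place for message bodies.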

I'll have a look at the PDF Info Plug-in as mentioned by Kevin. (thank you 
Kevin)

Kind regards

Benoit Panizzon
-- 
I m p r o W a r e   A G    -    
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 07
CH-4133 Pratteln                Fax  +41 61 826 93 02
Schweiz                         Web  http://www.imp.ch
______________________________________________________


