Access to PDF files is blocked due to the files being incorrectly decomposed to contain a zero byte javascript file.

Article Id: 158408

Status: Published

Updated On: 21-07-2014 07:30

Legacy Id: TECH210613

Products:

Protection Engine for Cloud Services , Protection for SharePoint Servers , Protection Engine for NAS

Issue/Introduction:

You are configuring Symantec Protection Engine (SPE) to block javascript files.

From the SPE console, under Policies --> Filtering --> Files, under the section "Blocking by File Name", the following settings are configured:

1. "Block files with the following names (one per line)" is checked.
2. "Block access to the file or message" is chosen and "*.js" is added.

When SPE scans PDF file, it blocks the file with the File policy violation triggered.

In addition, when using command line scanner to scan the PDF file, the following output can be observed:

File name: Actual PDF file name.pdf/javaScriptFile.js
Virus name: File policy violation File Name Blocked
Virus ID: -1
Unscannable: False
Disposition: Infected

Cause:

Decomposer from SPE extracts zero byte javascript file even though there is no javascript embedded in PDF file.

Resolution:

Symantec is aware of this issue. There is a patch available if you are experiencing this issue. Contact Technical Support for this download.

Applies To

SPE 7.0.2 or lower