Access to PDF files is blocked due to the files being incorrectly decomposed to contain a zero byte javascript file.

book

Article ID: 158408

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection for SharePoint Servers Protection Engine for NAS

Issue/Introduction

You are configuring Symantec Protection Engine (SPE) to block javascript files.  

From the SPE console, under Policies --> Filtering --> Files, under the section "Blocking by File Name", the following settings are configured:

1. "Block files with the following names (one per line)" is checked.
2. "Block access to the file or message" is chosen and "*.js" is added.

When SPE scans PDF file, it blocks the file with the File policy violation triggered.

In addition, when using command line scanner to scan the PDF file, the following output can be observed:

File name: Actual PDF file name.pdf/javaScriptFile.js
Virus name: File policy violation File Name Blocked
Virus ID: -1
Unscannable: False
Disposition: Infected
 

Cause

Decomposer from SPE extracts zero byte javascript file even though there is no javascript embedded in PDF file.

Resolution

Symantec is aware of this issue. There is a patch available if you are experiencing this issue. Contact Technical Support for this download.


Applies To

 SPE 7.0.2 or lower