diff options
-rw-r--r-- | lualib/lua_content/pdf.lua | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lualib/lua_content/pdf.lua b/lualib/lua_content/pdf.lua index 588117fc7..a531396db 100644 --- a/lualib/lua_content/pdf.lua +++ b/lualib/lua_content/pdf.lua @@ -32,14 +32,21 @@ local pdf_patterns = { }, javascript = { patterns = { - [[\s|>/JS]], - [[\s|>/JavaScript]], + [[/JS(?:[\s/><])]], + [[/JavaScript(?:[\s/><])]], + } + }, + openaction = { + patterns = { + [[/OpenAction(?:[\s/><])]], + [[/AA(?:[\s/><])]], } }, suspicious = { patterns = { [[netsh\s]], [[echo\s]], + [[/[A-Za-z]*#\d\d]], -- Hex encode obfuscation } } } @@ -145,6 +152,11 @@ processors.javascript = function(_, task, _, output) output.javascript = true end +processors.openaction = function(_, task, _, output) + lua_util.debugm(N, task, "pdf: found openaction tag") + output.openaction = true +end + processors.suspicious = function(_, task, _, output) lua_util.debugm(N, task, "pdf: found a suspicious pattern") output.suspicious = true |