aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lualib/lua_content/pdf.lua16
1 files changed, 14 insertions, 2 deletions
diff --git a/lualib/lua_content/pdf.lua b/lualib/lua_content/pdf.lua
index 588117fc7..a531396db 100644
--- a/lualib/lua_content/pdf.lua
+++ b/lualib/lua_content/pdf.lua
@@ -32,14 +32,21 @@ local pdf_patterns = {
},
javascript = {
patterns = {
- [[\s|>/JS]],
- [[\s|>/JavaScript]],
+ [[/JS(?:[\s/><])]],
+ [[/JavaScript(?:[\s/><])]],
+ }
+ },
+ openaction = {
+ patterns = {
+ [[/OpenAction(?:[\s/><])]],
+ [[/AA(?:[\s/><])]],
}
},
suspicious = {
patterns = {
[[netsh\s]],
[[echo\s]],
+ [[/[A-Za-z]*#\d\d]], -- Hex encode obfuscation
}
}
}
@@ -145,6 +152,11 @@ processors.javascript = function(_, task, _, output)
output.javascript = true
end
+processors.openaction = function(_, task, _, output)
+ lua_util.debugm(N, task, "pdf: found openaction tag")
+ output.openaction = true
+end
+
processors.suspicious = function(_, task, _, output)
lua_util.debugm(N, task, "pdf: found a suspicious pattern")
output.suspicious = true