Goal: prevent users from opening malicious PDF files (and other types not easily blocked (Office?)?)
Current setup: users receive PDF files as email attachments, open with desktop viewer.
Problem: desktop viewer may be out of date, signature-based AV is not that effective, PDF has the ability to embed various code, hard to detect.
General .exe, .scr, etc. file attachments are already blocked at mail server and through Untangle.
Possible method: use a central “server” to which all PDFs (all attachments?) are directed. The PDF is then opened by the “server” and only a safe remote image is seen by the user.
Question: any software that does this for the purpose of protection?
I’ll assume for the moment because you’re talking about antivirus and such you’re describing a Windows environment.
Kind of killing a flea with a sledgehammer, but you could do all your email through Terminal Services/VDI/Citrix. And of course there would be the problem of the extra expense for licensing that. That way, your central TS server could be kept as up-to-date as possible. The risk of course is that if nasty bits do manage to get into that environment somehow, it affects everyone because now the server is infected.
I wonder what you can do with GPOs and such to keep all these desktops up-to-date.
You might consider a Linux Terminal Server too, which most people would agree is much less susceptible to these PDF et al. nasties, if all you need to do is use it to read emails. Beauty of that would be no licensing. There are several PDF readers for Linux, plus Adobe publishes their own for Linux platforms.
There are programs and online services that could convert the PDFs to images or other formats. I don’t know if any are specifically designed to do this for security purposes.
I don’t know if this is a possibility in your environment, but since the exploits are almost all for Adobe Reader, what about just standardizing on a different PDF viewer for users’ desktops? One with a minimum of features should be less vulnerable to attack.
What happens if a user downloads a malicious PDF from a website?
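Added example, not part of the thread or of any product mentioned in it: a check a mail gateway could run on PDF attachments before they reach a desktop viewer, flagging files that carry embedded code or auto-run actions. The function names, the list of flagged names and the sample bytes are assumptions made for this sketch.

```python
import re

# PDF name objects that trigger code, auto-run actions or carry payloads
# (list chosen for this example, not exhaustive).
ACTIVE = (b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch", b"EmbeddedFile")
NAME = re.compile(rb"/([^\s/()<>\[\]{}%]+)")
HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes, so 'J#61vaScript' is read as 'JavaScript'."""
    return HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(data: bytes) -> dict:
    """Count active-content names visible in a PDF's raw bytes."""
    if b"%PDF-" not in data[:1024]:
        return {"is_pdf": False, "hits": {}, "opaque": False, "quarantine": False}
    hits, opaque = {}, False
    for m in NAME.finditer(data):
        name = decode_name(m.group(1))
        if name in ACTIVE:
            hits[name.decode()] = hits.get(name.decode(), 0) + 1
        elif name == b"ObjStm":
            # Objects inside compressed object streams are invisible to a
            # byte scan, so a clean result cannot be trusted for this file.
            opaque = True
    return {"is_pdf": True, "hits": hits, "opaque": opaque,
            "quarantine": bool(hits) or opaque}


# Constructed samples: a plain PDF, one with an escaped script name and an
# open action, and one that packs its objects into an object stream.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n")
PACKED = b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 2 /First 10 >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED), ("packed", PACKED)):
        print(label, triage(sample))
```

A byte scan like this can also match by chance inside binary stream data, so it suits a quarantine-for-review policy rather than silent deletion.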