tag:blogger.com,1999:blog-2672754150485551359.post6594185715836831600..comments2023-04-10T04:29:22.991-04:00Comments on The Security Shoggoth: Detecting Malicious PDFsTylerhttp://www.blogger.com/profile/15411793726236555303noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-2672754150485551359.post-49248851400876112992009-05-23T06:26:44.047-04:002009-05-23T06:26:44.047-04:00I recommend you drop the << from the scan: /...I recommend you drop the << from the scan: /OpenAction /JS<br /><< indicates the start of the dictionary, and keys inside the dictionary can appear in random order.<br /><br />And to increase the probability the snort rule only triggers for PDF documents, add %%EOF too.Didier Stevenshttps://www.blogger.com/profile/17537511475658709281noreply@blogger.com