This is more of a feature request, but I'm interested in others' experience with this.
You might not know, but if you are using any Sophos Email Product (includes UTM, XG, PMUX, PMEX and Email Appliance) and want to stop encrypted content leaving or entering your environment via email, this feature will not block Password Protected PDFs. Try it yourself.
Partly I understand the reasoning, and I am interested in whether others know of any product that currently does this.
Fact is there are essentially two different kinds of Encrypted PDF: Password Protected PDF (User Password) and Content Restricted PDF (Owner Password).
Content Restricted PDF does not require a password to read/access but restricts things like printing, copying text and other restrictions. Both of these types of PDF are encrypted and show the same Encryption header in the file contents. An encrypted PDF has two passwords, owner and user, and they are related to each other, so it takes some analysis of the file to determine if the user password is the default/blank, meaning that the file is opened with no password prompt (Content Restricted PDF).
A simple analysis of the strings/headers in a file does not give you enough information to distinguish between these two PDFs. It does tell you the PDF is Encrypted, though. You need to analyse the file with a bit of math to figure out if the user password is non-default.
So the Email Products, being rather simple-ish in their analysis, cannot distinguish between them, so to ensure Content Restricted PDFs (considered readable by users) are not blocked, any PDF, encrypted or otherwise, is allowed through as a readable file.
---
Just wondering what others think of this, and if they know of any other mail product that is able to distinguish. Also to lodge a feature request: it would be good if the Email Appliance could distinguish and appropriately block password protected PDFs as appropriate with any encrypted content restrictions.
Currently I only know of the tool "ExifTool by Phil Harvey" that can make this distinction. This tool is Open Source, as with the Adobe PDF file specification, so all of this is certainly possible; it's just that no mail product that I can discover seems to do this.
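The "bit of math" described in the post, as an added example that is not part of the original post and is not Sophos or ExifTool code: for revisions 2 to 4 of the PDF standard security handler, recompute the /U value that a blank user password would produce and compare it with the stored one. The function names are hypothetical, and the code assumes /O, /U, /P, /R, /Length and the first /ID string have already been parsed out of the file; the newer AES-256 revisions use a different scheme and are rejected.

```python
import hashlib
import struct

# Password padding string defined by the PDF standard security handler.
PAD = bytes.fromhex("28bf4e5e4e758a4164004e56fffa0108"
                    "2e2e00b6d0683e802f0ca9fe6453697a")

def rc4(key, data):
    """Plain RC4, as used by the handler for revisions 2-4."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def compute_u(password, o, p, doc_id, r, length=40, encrypt_metadata=True):
    """Return the /U bytes a given user password would produce."""
    if r not in (2, 3, 4):
        raise ValueError("only revisions 2-4 are handled here")
    # File key: MD5 over padded password, /O, /P (32-bit LE), first /ID string.
    h = hashlib.md5((password + PAD)[:32] + o
                    + struct.pack("<I", p & 0xFFFFFFFF) + doc_id)
    if r == 4 and not encrypt_metadata:
        h.update(b"\xff\xff\xff\xff")
    n = 5 if r == 2 else length // 8
    key = h.digest()
    if r >= 3:
        for _ in range(50):
            key = hashlib.md5(key[:n]).digest()
    key = key[:n]
    if r == 2:
        return rc4(key, PAD)                      # 32 bytes
    out = hashlib.md5(PAD + doc_id).digest()
    for i in range(20):                           # round 0 uses the key as-is
        out = rc4(bytes(k ^ i for k in key), out)
    return out                                    # 16 significant bytes

def opens_without_password(o, u, p, doc_id, r, length=40, encrypt_metadata=True):
    """True: blank user password (content restricted only). False: password needed."""
    expected = compute_u(b"", o, p, doc_id, r, length, encrypt_metadata)
    return u[:len(expected)] == expected
```

A mail filter would block only when the PDF carries an /Encrypt dictionary and `opens_without_password` returns `False`.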