PDF Malformed-File
MartinDT
Newbie ✭
Hi,
We are finding that virtually every PDF is being blocked by the Anti-Spyware. Due to them being flagged by
pdf.MP_336 (Malformed-File) signature. Which is stopping users from downloading them.
This is the detection count for the last week. All from different sites.
It never used to be the case, but looks to have only started since installing the latest firmware.
I don't want to exclude this signature, or is this a new change in the latest update?
Thanks,
Category: Firewall Security Services
0
Answers
Which "latest firmware" are you referring to? I was planning on installing 7.0.1-5065 this weekend, but since we deal with a LOT of PDFs, I just may hold off.
Russ
Were running SonicOS 7.0.1-5052, didn't notice that 7.0.1-5065 came out this week.
I'll install that and see if it makes any difference. As there looks to be a lot of fixes in that version.
That's interesting. I'm still on -5051 and was originally planning on installing -5052 this weekend until I saw that -5065 came out and has supposedly fixed a number of issues introduced with -5052.
Please let us know. I will hold off our scheduled update because at least -5051 is reasonably stable for us at this point.
Russ
It's still the same with the new firmware, we have disabled signature pdf.MP_336 (Malformed-File), for now.
Sonicwall's pdf.MP_336 refers to CVE-2018-12754 which was published in July of 2018. It's odd that the anti-spyware engine would all of a sudden start false-flagging a signature that's nearly four years old (not impossible - just unlikely). Especially in lieu of the fact that no one else has chimed in on this thread with the same problem. Is your signature database current? Again, if it was a bad distribution of the database, I would think that others would have the same problem.
I think I will proceed with the update. If I suddenly start having problems, I'll post (after I roll back the version.)
Russ