AW: .fdf spam

Derek Chee dchee at
Fri Aug 10 22:12:25 IST 2007

I'm not entirely convinced that these .fdf files are really FDF  
files.  Looking inside one, the header says PDF-1.5 while the PDF/FDF  
specification from Adobe says that the header should be FDF-1.2 if  
I'm reading it correctly, < 
en/pdf/PDFReference16.pdf>.  I think this might be a case where  
Acrobat Reader is not looking at the file extension to determine what  
to do, but instead looking at the file contents.  It sees that the  
file is really a PDF contrary to the extension and loads it as such.

-- Derek

On Aug 10, 2007, at 1:10 PM, Julian Field wrote:
> Hash: SHA1
> Eek! I think this is headed for the dangerous filenames list.
> R. Ehle (MailScanner Mailinglist) wrote:
>> Hi,
>> .fdf-Files normally are form data of pdf forms and might be  
>> dangerous.
>> If you fill in a form, which has been designed in Acrobat, you can
>> save the data as file (creates a .fdf file). Once you open the .fdf
>> file, it will automatically load the form (a pdf file) too, wherever
>> it is located at (i.e. from the internet)
>> Regards,
>> Roland
>> *Von:* mailscanner-bounces at
>> [mailto:mailscanner-bounces at] *Im Auftrag von
>> *Iad Scoot
>> *Gesendet:* Freitag, 10. August 2007 20:06
>> *An:* MailScanner discussion
>> *Betreff:* Re: .fdf spam
>> I think that .fdf files are generated from the Adobe SDK -  
>> basically a
>> dynamically-created pdf file.
>> On 8/10/07, *Gareth* <list-mailscanner at
>> <mailto:list-mailscanner at>> wrote:
>> Today I got my first .fdf spam. It looks basically like a pdf file  
>> and
>> acrobat opens it as usual but because of the different extension I
>> believe
>> the PDFInfo plugin did not scan it. I have mailed the plugin  
>> author to let
>> him know.
>> I doubt this method will last long. I had never heard of a .fdf file
>> before
>> so I suspect it is something a lot of people will add to the file
>> extensions
>> block list.

More information about the MailScanner mailing list