blog: anti-phishing attachments with xplorer2

Discussion & Support for xplorer² professional

Moderators: fgagnon, nikos, Site Mods

Post Reply
User avatar
nikos
Site Admin
Site Admin
Posts: 15771
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

blog: anti-phishing attachments with xplorer2

Post by nikos »

here's the comment area for today's blog post found at
http://zabkat.com/blog/safely-examine-attachment.htm
Tuxman
Platinum Member
Platinum Member
Posts: 1610
Joined: 2009 Aug 19, 07:49

Re: blog: anti-phishing attachments with xplorer2

Post by Tuxman »

I find all e-mail attachments suspicious.
Tux. ; tuxproject.de
registered xplorer² pro user since Oct 2009, ultimated in Mar 2012
User avatar
pearliner
Member
Member
Posts: 54
Joined: 2016 Nov 24, 22:07

Re: blog: anti-phishing attachments with xplorer2

Post by pearliner »

but.. several pdfs i see only the hex preview instead text.

and docs,pdfs it is "impossible for me to get malware" because macros disabled.

can you send me samples from the phishing mails,docs ,i never get this cool stuff in my mailbox!
User avatar
nikos
Site Admin
Site Admin
Posts: 15771
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: anti-phishing attachments with xplorer2

Post by nikos »

if you don't get attachments, you are a lucky guy :)
if PDFs show as hex, perhaps they are images. Do you have xplorer2 professional or lite?
EMathews3
Bronze Member
Bronze Member
Posts: 87
Joined: 2014 Aug 23, 12:54

Re: blog: anti-phishing attachments with xplorer2

Post by EMathews3 »

Um. Using 4.2.0.1 ULT x64 2019-05-14. My Quick viewer Draft mode has never displayed anything. This is before and after changing PDF viewers on Win8. Even the context menu does not pop up. Native mode uses PDF X-Change Shell Extensions dll 7.0.328.2 so that context menu belongs to the viewer (zoom, next page, etc). How to diagnose the config, as far as what viewer 'should' execute in Draft mode? Edit / Extract Text causes xp2 to display a spinner, progress bar at 50%, and hang.
User avatar
nikos
Site Admin
Site Admin
Posts: 15771
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: anti-phishing attachments with xplorer2

Post by nikos »

try using this tool and see which PDF text filter you have installed?
you can try installing Sumatra PDF that definitely works. If you want to keep your old PDF viewer you can install just the shell extensions of Sumatra: www.zabkat.com/blog/pdf-reader-shell-integration.htm
EMathews3
Bronze Member
Bronze Member
Posts: 87
Joined: 2014 Aug 23, 12:54

Re: blog: anti-phishing attachments with xplorer2

Post by EMathews3 »

Looks like what's needed is re-installing the PDF viewer, or at least updating the registry to use a real viewer instead of Windows' default / glcndFilter.dll

Code: Select all

Shell extension information for .PDF ...
1. TEXT FILTER -----------------
X64: %systemroot%\system32\glcndFilter.dll {6C337B26-3E38-4F98-813B-FBA18BAB64F5}
X32: %systemroot%\system32\glcndFilter.dll {6C337B26-3E38-4F98-813B-FBA18BAB64F5}
2. PROPERTY HANDLER ------------
(nothing registered)
3. PREVIEW HANDLER -------------
X64: d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x64.dll {9B68BDF7-95F9-4A1F-851C-27D822F8E3E9}
X32: d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x86.dll {9B68BDF7-95F9-4A1F-851C-27D822F8E3E9}
4. THUMBNAIL PROVIDER ----------
X64: d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x64.dll {644D29FB-8692-49A6-B37D-D11A4CCC7A6D}
X32: d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x86.dll {644D29FB-8692-49A6-B37D-D11A4CCC7A6D}
EMathews3
Bronze Member
Bronze Member
Posts: 87
Joined: 2014 Aug 23, 12:54

Re: blog: anti-phishing attachments with xplorer2

Post by EMathews3 »

As Administrator:

Code: Select all

RegSvr32 "d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x64.dll"
RegSvr32 "d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x86.dll"
So ChkShXt gives:

Code: Select all

1. TEXT FILTER -----------------
X64: d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x64.dll {74F7C392-4DFA-4F71-AFCE-31CA972AC619}
X32: d:\folder\PDF-XChange\Shell Extensions\XCShInfo.x86.dll {74F7C392-4DFA-4F71-AFCE-31CA972AC619}
Logged out of Windows and back in.
Also in Preview / Draft / right-click, un-checked "Text only" ... because PNGs had been displaying as text.
PDF-XChange's config program for this XCShInfoSetup.EXE finally shows all good https://postimg.cc/QHVw73WS
PDFs still display only in Native mode, and Draft mode shows "No preview available"
User avatar
nikos
Site Admin
Site Admin
Posts: 15771
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: anti-phishing attachments with xplorer2

Post by nikos »

the idea with this blog post is to use plain text only, not the native preview tab. From your posts there is a text filter for PDFs on your system. Does EDIT > EXTRACT TEXT menu command work on your PDFs?
EMathews3
Bronze Member
Bronze Member
Posts: 87
Joined: 2014 Aug 23, 12:54

Re: blog: anti-phishing attachments with xplorer2

Post by EMathews3 »

Yes, it does now. Was kinda surprised that it did, because last time I checked, before making the changes above, it did not.
Post Reply