On Thu, 2017-05-11 at 10:40 -0700, Mark Dwyer via evince-list wrote:
Recently received pdf email attachment from an unknown source and was reminded that these can contain viruses/malware. If there is a site that describes evince's hardening against such attacks, I was not able to find it.
I do not think so. I would start looking for Evince AppArmor profiles and Evince SELinux. AFAIK, Evince is commonly sandboxed by distributions. For example, in Ubuntu Evince's AppArmor profile is distributed in the Evince package: http://archive.ubuntu.com/ubuntu/pool/main/e/evince/evince_3.24.0-0ubun tu1.debian.tar.xz -- Germán Poo-Caamaño http://calcifer.org/
Attachment:
signature.asc
Description: This is a digitally signed message part