Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF

Hi guys, just discovered https://dangerzone.rocks while looking into what projects Micah Lee is working on (he’s the developer behind OnionShare) and found Dangerzone, which seems very interesting: it’s open-source and its purpose is to be able to convert a document (pdf, word, excel, jpg, gif, etc…) into a new .pdf which will be safe to open. As I understand it, the document converted by the software is not sent to a server (I don’t pretend to understand everything perfectly so feel free to correct me here). So let’s say someone sends you a document and you are not sure if it’s the real document or a piece of malware… then Dangerzone will safely convert it to a .pdf where you can then read the document or see the image.

I found it to be an interesting piece of software. I’m not at all affiliated with it. What do you think about it?

P.S.: not sure if this is the correct topic to create this post in. If not, admins, don’t hesitate to delete/modify it. Thanks.

Edit: a lot of typos and links.

6 Likes

I never dealt with PDF viruses, but an easy, simple way, I would say, is to open it online, but yeah, your way is good too :joy: so thanks! — Can anyone tell me what a virus in a PDF file looks like?

Free conversion to pdf and malware-free? I like it! :+1:

1 Like

Don’t know, never had to deal with that either, but I assume under a microscope it would look like a tiny tiny tiny spider crawling on a piece of paper.

:sweat_smile: I think it’s time for me to find the door and exit the room now.

1 Like

Yup! Getting my water gun ready, since they removed the real gun emoji :gun: — but for real though, I would like to deal with that kind of virus (like the ones that were found in pictures, written inside its pixels)

PDF files can contain JavaScript, and in the past there were a lot of cases where that JS code used a vulnerability in the PDF reader’s APIs to run code that can do anything that a normal program can do.

Here is an example of how PDF malware can work: http://www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html

1 Like

For Windows, you can combine an exe malware with a PDF file INTO AN EXE FILE, so it will have the extension .exe but it won’t have the extension .pdf (unless there are some really rare 0day vulnerabilities that get patched once they’re known).
Every now and then we hear about some agencies injecting code into a PDF file that calls home to reveal the real IP address of a Tor user. So make sure you always turn your internet off before opening any suspicious PDF file.
(For Windows I would suggest installing Shadow Defender and freezing your system so it won’t affect anything. I don’t know any alternatives for Linux, but running the PDF file inside Firejail should limit the damage.)
For Firejail you can use “firejail --net=none xreader fakepdf.pdf” so that it doesn’t have an internet connection.

Of course the best way is to have a dedicated virtual machine for these kinds of files xD

1 Like

I once read that Qubes OS has its own secure PDF converter (it prints the PDF in a disposable VM, and then it OCRs it back in another one).
Then I started searching for something similar and found DangerZone, but after it almost killed my OS with a “process bomb” (its main process started opening new ones very fast and indefinitely) I haven’t used it much.
Probably it was just a bug, but I’m uneasy with security software that has such bugs, and also I don’t like that I have to use Docker for it.

Canary tokens can be embedded into PDFs. If you open it with access to the internet, it could notify a server made to listen to pings coming from these canary tokens. These could reveal your IP address through a DNS lookup.
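
For the posts above about JavaScript in PDFs and about canary tokens that call home, here is an added example (not part of any post in this thread and not Dangerzone's code): a small Python triage scan that counts the PDF name keys associated with scripts, auto-run actions and outbound links before a file is opened. The list of names, the function names and the sample bytes are assumptions made for this illustration.

```python
import re

# PDF name keys that make a document "active": script, auto-run actions,
# launching programs, embedded files, outbound links/forms (call-home risk).
# /ObjStm is tracked because compressed object streams can hide the others.
RISKY_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch",
               "EmbeddedFile", "URI", "SubmitForm", "GoToR", "ObjStm")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name is "/" followed by anything except whitespace and PDF delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage(data: bytes) -> dict:
    """Return {name: count} for risky names found in the raw PDF bytes.

    This is a byte-level scan, not a parser: it can over-count text inside
    strings, and it cannot see inside compressed streams, so an empty
    result is not proof that the file is safe.
    """
    counts = {name: 0 for name in RISKY_NAMES}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return {name: n for name, n in counts.items() if n}


# Constructed sample: an auto-run action, a hex-escaped /JavaScript name,
# and a link annotation pointing at a placeholder host.
SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /OpenAction 3 0 R /Pages 2 0 R >> endobj
3 0 obj << /S /J#61vaScript /JS (/* constructed */) >> endobj
4 0 obj << /Type /Annot /A << /S /URI /URI (http://example.invalid/t) >> >> endobj
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any hit is a reason to open the file only offline and sandboxed (as with the Firejail command above) or to convert it first; a file with only `/ObjStm` hits needs a real parser before it can be judged.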