Skip to main content
Content Starts Here Search Solutions

Solution Detail

 
Solution TitleCan a PDF document contain a virus?
Solution Number00000455
Solution Details

Background


The short answer is yes. Adobe Acrobat (the full version, not Adobe Acrobat Reader) is capable of embedding arbitrary documents or applications inside a PDF document.
That means that a malicious individual could embed an application that does damage when it is run. It also means that one can embed a virus inside a PDF document
The capability to embed documents or applications inside a PDF document has been around since Adobe Acrobat 4, and Adobe has long recognized that this feature could indeed be abused. As a precaution a quite severe error message is shown before any embedded document or application is opened.

To become infected by a virus embedded inside a PDF document, a user would have to do the following::

  • Open the PDF document attached to an email message inside the full Adobe Acrobat – the free Adobe Acrobat Reader does not support embedded files and will not allow the virus to run).
  • Double-click on the file attachment annotation inside the PDF document. This attachment cannot be run automatically – the user has to double-click on it before anything happens.
  • Ignore the warning message shown by Adobe Acrobat. This warning message looks like the image below.

 

This is a quite complicated process, and as a result the risk of being infected by a virus inside a PDF document is relatively small.
Still, it is important to know that it is possible to embed dangerous applications inside a PDF document. And as always, it’s important to be weary of attachments to email messages.

As you can see the warning message explicitly mentions the risk of viruses. This warning message cannot be hidden or avoided by the virus – a user has to click the 'Open' button to proceed.
 

 

Solution

Removing the threat: Users of Enfocus PitStop Professional and Enfocus PitStop Server can remove all embedded files from a PDF document by running an Action List.

Alternatively, users of Enfocus PitStop Professional, Enfocus PitStop Server and Enfocus Certify PDF can remove embedded files during preflight. To do this, they must preflight using a Preflight Profile that has the check for annotations (the last check on the "Varia" tab) set to "Remove" or "Remove and Log". Be aware that doing this will remove all annotations from your PDF documents, not just embedded file annotations.

 
Does this solution help you answer your question?