Summary: | PDF's created with the "export to PDF" option are flagged "as executable and may harm" when posted to Google Drive | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | Ton Kronos <tontentokronos> |
Component: | Printing and PDF export | Assignee: | Not Assigned <libreoffice-bugs> |
Status: | NEW --- | ||
Severity: | normal | CC: | buzea.bogdan, carlo.bertelli, mentoring, michael.stahl, mikekaganski, serval2412, vsfoote |
Priority: | medium | Keywords: | difficultyBeginner, easyHack, skillCpp |
Version: | 7.4.6.2 release | ||
Hardware: | All | ||
OS: | All | ||
See Also: | https://bugs.documentfoundation.org/show_bug.cgi?id=156477 | ||
Whiteboard: | |||
Crash report or crash signature: | Regression By: | ||
Bug Depends on: | |||
Bug Blocks: | 103378 |
Description
Ton Kronos
2023-05-20 10:27:37 UTC
Perhaps I wrongly read the links provided but the pb here is Google not LO. I mean /OpenAction is ok here and doesn't do anything malicious. It is important to use the correct wording. Google does not tag the files as "malicious files". It detects a code in the PDF which executes an *arbitrary* action *automatically* when the PDF is opened, and then informs the user about that fact, telling literally this: > Google Drive can't scan this file for viruses. > This file is executable and may harm your computer. This same warning would appear for *any* executable file, and does not *claim* that the file is malicious, but warns that it executes something, and they don't know what. This is reproducible. And it is unclear, why the *automatic action* is necessary for the *default* case, when all that we want is to show the very first page (using the default scale). So, this issue could be fixed by making the code that adds the action conditional - not executing in case when the very first page is shown with default settings. The code is https://opengrok.libreoffice.org/xref/core/vcl/source/gdi/pdfwriter_impl.cxx?r=7ea34aa6#5305 and the condition could be simply 'm_aContext.InitialPage > 0'. A separate improvement could be, if the dialog shown some infobar in case of other settings, which would add the action - to inform the user that "this PDF will include an OpenAction command, and can be flagged as executable by some programs". This happened to me when I was using CAC signature. It's the first time and version 7.4.6.2 happens to do it consistently. Italian certified email (PEC) stops messages with these attachments as well. VirusTotal says: "The sandbox DOCGuard flags this file as: GREYWARE" |