PDF Viruses: Are Flattened PDFs Safe?

TL;DR

Flattened PDFs can contain viruses, though it’s less common than in interactive PDFs. The risk comes from malicious JavaScript or embedded files. Always scan PDFs with up-to-date antivirus software before opening them, and be cautious about PDFs from unknown sources.

What are Flattened PDFs?

When you ‘flatten’ a PDF, you remove interactive elements like forms, buttons, and annotations. It essentially turns the PDF into an image or a static document. This is often done to ensure consistent viewing across different devices and software. However, flattening doesn’t necessarily eliminate all potential security risks.

Can Viruses Hide in Flattened PDFs?

Yes, but it’s more complex than with interactive PDFs. Here’s how:

1. Embedded Files: A PDF can contain embedded files (like other PDFs, Word documents, or executables). These files might be hidden and could be malicious. Flattening doesn’t always remove these.
2. JavaScript: Even after flattening, some JavaScript code may remain within the document’s structure. Malicious JavaScript can still execute when the PDF is opened (depending on your PDF reader settings).
3. Exploits in PDF Reader Software: Vulnerabilities in the PDF reader itself are a major risk. A specially crafted PDF, even a flattened one, could exploit these vulnerabilities to run malicious code.

How to Protect Yourself

Here’s how to stay safe:

1. Scan PDFs with Antivirus: This is the most important step. Ensure your antivirus software is up-to-date and configured to scan PDF files.
2. Be Careful About Sources: Only open PDFs from trusted sources. Avoid opening attachments from unknown senders or downloading PDFs from suspicious websites.
3. Check File Size: An unusually large file size for a simple document could be a red flag, suggesting embedded content.
4. Use a Secure PDF Reader: Choose a reputable PDF reader with good security features. Adobe Acrobat Reader is popular and regularly updated, but alternatives like Foxit Reader are also available.
5. Disable JavaScript (Advanced): If you rarely need JavaScript in PDFs, consider disabling it in your PDF reader settings. This significantly reduces the risk of malicious code execution. In Adobe Acrobat Reader:

   Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'

6. Sandbox PDFs (Advanced): Run PDFs in a sandbox environment to isolate them from your system. This prevents any malicious code from affecting your computer.

Scanning with Command Line Tools

For automated scanning, you can use command-line tools like ClamAV:

clamscan -r /path/to/your/pdf.pdf

This will recursively scan the PDF file for known viruses.

What if I suspect a PDF is malicious?

• Don’t open it!
• Delete the file immediately.
• Run a full system scan with your antivirus software.