1

I understand online PDFs are prone to malware.

  1. If a WordPress website uses a lot of PDFs, is there anything I can do to the existing PDFs to protect the website users and the website?

  2. What other file is safer to upload, but not subject to manipulation?

DRL
    Do you own the website? Did you upload the PDFs or do other people provide them? Any file can be manipulated, even plain text files. – schroeder Apr 01 '17 at 10:14
    A PDF validator would _probably_ screen out the kind of memory overruns that root devices, but I don't know that for a fact... – alexis Apr 01 '17 at 16:52

2 Answers

5

> I understand online PDFs are prone to malware.

Do you have a reference (or some background) for this statement?

As discussed in this question, a PDF certainly can be made to include malware, but I am not sure they are any more prone to malware than other file formats, e.g. Flash, or Word/Excel/etc. Or .exe, .js, or other files you find online.

A big question here too is where your files come from: if they are from users, then you have the generic issue of dealing with arbitrary file uploads (see e.g. Should text files or image files be virus scanned during upload?).

If you are generating these PDFs yourself, then I would instead ensure that users can verify the integrity of what they download, for example by making a checksum available, and possibly by using GPG signatures.

I think the answers to your questions would require you to give a bit more background about your situation, and if possible, some idea of what risks you are specifically trying to guard against.

iwaseatenbyagrue
  • I don't read the question as a competition between formats; the point is that uploaded PDFs can contain malware (that's a fact), and therefore need to be validated or sanitized. – alexis Apr 01 '17 at 16:50
  • If generating PDFs, you may also want to consider using a certifying signature; see [this blog post from Adobe](http://blogs.adobe.com/security/2012/03/what-is-a-certified-document-and-when-should-you-use-it.html) – Brandon Haugen Apr 03 '17 at 13:30
3

Non-executable file formats like PDF can be a vector for malware in two ways:

  1. through intentional features in the file format allowing the embedding of executable code (like macros or JavaScript)
  2. through non-intentional features (aka bugs) in the application used for rendering the file format (such as your typical buffer overflow)

Both have been observed with PDF.

(I left out risks like phishing or fake codec installation since they do not relate directly to the question.)

To avoid the first risk, limit yourself to file formats that do not support embedded scripts, or scan uploaded files for embedded scripts and reject any file containing one. (You may also opt for stripping out the script but I'd recommend against it since it is an error-prone operation and the result may be unusable.)

To limit the second risk, limit yourself to the simplest file format(s) possible. There's no absolute security, but the more complex a file format is, the higher the risk of bugs in the rendering application.

Tilman Schmidt
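
The "scan uploaded files for embedded scripts and reject" check from the answer above, as an added Python example that is not part of the original answers: it rejects a file when script- or action-related PDF names appear, including names written with `#xx` escapes or placed inside Flate-compressed streams. The blocked-name list, the 16 MiB inflate cap and the sample byte strings are assumptions made for this example; streams using other filters are not decoded.

```python
import re
import zlib

# Names that trigger or carry active content in a PDF; "Encrypt" is refused
# because an encrypted file's strings and streams cannot be inspected at all.
BLOCKED = {"JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile", "Encrypt"}
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
MAX_INFLATE = 16 * 1024 * 1024  # per-stream output cap (assumed value), limits decompression bombs


def blocked_names(data: bytes) -> set:
    """Return the blocked names found in data, after undoing #xx escapes
    (so /J#61vaScript is treated as /JavaScript)."""
    found = set()
    for m in NAME_RE.finditer(data):
        raw = HEX_ESC_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        name = raw.decode("latin-1")
        if name in BLOCKED:
            found.add(name)
    return found


def screen_pdf(data: bytes):
    """Return (accepted, reasons) for an uploaded file's bytes."""
    if not data.startswith(b"%PDF-"):
        return False, ["not a PDF (missing %PDF- header)"]
    hits = blocked_names(data)  # raw pass; stream bytes are included, so it fails closed
    for m in STREAM_RE.finditer(data):
        try:  # object streams and content streams are usually Flate-compressed
            inflated = zlib.decompressobj().decompress(m.group(1), MAX_INFLATE)
        except zlib.error:
            continue  # not Flate data (for example a JPEG image stream)
        hits |= blocked_names(inflated)
    return (not hits), sorted(hits)


# Constructed sample inputs (not real documents, no payloads).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
ESCAPED = CLEAN.replace(b"/Pages 2 0 R", b"/OpenAction << /S /J#61vaScript /JS (0) >>")
HIDDEN = (b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /JavaScript /JS (0) >>") + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("escaped", ESCAPED), ("hidden", HIDDEN)):
        print(label, screen_pdf(sample))
```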