1

I have received an email with a PDF file whose content I want, but I'm not exactly sure what the source of it is. In Gmail, I have two options: "Download" and "Save to Drive". I'm assuming it means Google Drive. Is it safe to save the PDF file to Drive and then look at it that way?

If so, once it's in drive, is it possible to somehow scan it for malware and then safely download it onto my computer?

Thank you.

Ovi
  • Use online multi-AV checkers like VirusTotal, and a sandbox like Sandboxie to prevent I/O and network activity of malicious files. – Mojtaba Tajik Sep 25 '18 at 05:53
  • 1
    Check whether this answer fits your requirements: https://security.stackexchange.com/questions/18878/how-to-safely-view-a-malicious-pdf – mootmoot Sep 25 '18 at 09:48

2 Answers

3

Antivirus products nowadays give the option to auto-scan possibly infected attachments in emails; however, I have never used one and am not sure if the web interface works with that kind of scanning. Using Thunderbird, for example, or an analogous desktop app for Windows would allow you to have the antivirus scan it.

I would personally not do this, however... Instead, download the PDF manually, abstain from opening it, upload it to virustotal.com, wait for the report to show up (a minute max), and afterwards upload the PDF to one of the many online providers which allow you to read PDF files online.

This way, you will be more secure than opening the PDF in your Adobe Acrobat Reader or similar app.

For more security, use sandboxing when opening the PDF (for example, Comodo Antivirus offers free sandboxing with their firewall). This way any attempt at infecting your machine will be thwarted (and you can use this sandboxing in your browser, so the real browser will mostly be left intact even when entering websites embedded with malware).

Edited: And finally the last and better solution to this common problem! Download Oracle box, download a Linux image of Debian, Ubuntu or any other easy-to-use Linux distribution, open the ISO in Oracle box and read the PDF through it. This way your real machine will never ever get infected (I recommend the usage of virtual machines as a daily way to browse the internet, but that is me personally).

Having said so, Gmail itself does have security, and normally infected attachments would be picked up by Gmail itself unless they are access zero, encrypted well by the malware creator, etc. However, PDFs are one of the most used ways to infect machines. Unless you know the sender of the PDF, it would be safer to maintain a skeptical attitude and use precautions when watching it.

  • 3
    "This way your real machine will never ever get infected" - never say never when it comes to IT security and exploits. - The risk is extremely small if you use a Linux VM, but exploits to break out of VMs exist. – DetlevCM Sep 25 '18 at 08:22
  • Yeah I mean... if you go to the trouble of using this VM setup I talk about, I would advise as well to use two VPNs at the same time (there are even good free VPNs) and, instead of a simple easy-to-use Linux distribution, use a forensics Linux distribution whose tools would raise a big red flag in any malware trying to enter the machine, preventing most malware from attacking it in the first place, because certain malware can even detect whether security tools are installed or not. – FollowerOfLelouch Sep 26 '18 at 00:58
-3

First of all, reconfirm it is actually a PDF by checking the extension on the file. For example, Word documents end with ".doc", Excel files with ".xls", and so on. PDF documents end with ".pdf". If it has something extra, say it's written name-of-document.pdf.exe, notice the extension is actually exe and not pdf, thus there are high chances it could be malicious.

Second, it's very hard for a PDF to carry malware. However, if a malicious guy intends to hit you with a malware-infected file, they may go the extra mile just for you. So let's go with the worst-case scenario (the paranoid live longer). Supposing it still does, how to go about it? Well, turns out it's like defusing a bomb.

So to defuse it safely, rule number one: ask who the email is from. Is it someone you know? If so, call them and ask if they sent you the mail, to avoid phishing (someone disguised as someone you know to obtain sensitive stuff from you). If no, don't even bother opening and reading anything.

But then again, what's life without risks... you still want to know what's inside? Well then, here is how you handle the bomb. Take the file and download it, but do NOT open it! Go ahead and update your antivirus first, then scan the file. If the antivirus is good and identifies it as a threat, well, delete it; if not, let's continue defusing the bomb. Take a virtual machine or Sandboxie and open the file there. Before you open it, disable JavaScript in your PDF reader program. Now light the fuse. At least if it does blow up, it won't touch any of your stuff.

Malekr
  • 1
  • 3
    It is hard for a PDF to carry malware? Says who? – forest Sep 25 '18 at 05:42
  • 2
    It's *not* hard for a PDF to carry malware. There's quite a few attack vectors that use PDF files, but it's also true that it's easier to just send out .pdf.exe files, as most people wouldn't notice either way. – DarkWiiPlayer Sep 25 '18 at 08:51
  • 1
    @DarkWiiPlayer Or a `*ism.pdf` file which is really `*fdp.msi` with an RTL character! – forest Sep 25 '18 at 09:33
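
A triage sketch for the checks raised in the second answer and its comments (the real extension, an RTL override in the file name, JavaScript inside the PDF), added here as an example and not code from any poster. The extension list, the list of PDF keys and the sample inputs are assumptions constructed for illustration.

```python
import unicodedata

# Executable extensions that often hide behind a document-looking name
# (constructed list for this example, not exhaustive).
RISKY_EXTS = {"exe", "msi", "scr", "com", "bat", "cmd", "js", "vbs", "lnk"}
# Bidirectional controls that change the order in which a name is displayed.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068"}
# PDF names tied to active behaviour. A hit is a reason to open the file only
# in a sandbox or VM, not proof of malice; a miss is not proof of safety,
# because names can be hex-escaped or sit inside compressed streams.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch",
               b"/EmbeddedFile")


def triage_attachment(filename, data):
    """Return a list of findings for an attachment name and its raw bytes."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in filename):
        findings.append("bidi-control-in-name")
    # Drop invisible format characters to get the name in storage order,
    # which is what the operating system uses to pick the handler.
    logical = "".join(c for c in filename if unicodedata.category(c) != "Cf")
    parts = logical.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in RISKY_EXTS:
        findings.append("executable-extension:" + real_ext)
    if real_ext != "pdf" and "pdf" in parts[1:-1]:
        findings.append("double-extension")
    # Readers accept the %PDF- header anywhere in the first 1024 bytes.
    if b"%PDF-" not in data[:1024]:
        findings.append("no-pdf-header")
    for key in ACTIVE_KEYS:
        if key in data:
            findings.append("active-content:" + key.decode())
    return findings


if __name__ == "__main__":
    # Constructed samples: a double extension and an RTL-override name
    # that displays as "invoiceism.pdf".
    print(triage_attachment("name-of-document.pdf.exe", b"MZ\x90\x00"))
    print(triage_attachment("invoice\u202efdp.msi", b"\xd0\xcf\x11\xe0"))
```
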