Sophos detecting PDFs as encrypted

Good morning,
I have a question and I'm hoping that someone here can help me.  We've recently installed a couple of virtual C100V appliances into our environment running AsyncOS 8.0.0. 
We have content filters in place to detect encrypted attachments and automatically quarantine them. This process seems to be working fairly well; however, we're seeing a lot of regular PDF attachments being flagged by Sophos as encrypted.  I can open/read the PDFs that it flags without any problems, so I'm not sure what exactly is 'encrypted' about it?  Is this a known bug in Sophos?
The way we're quarantining them is by setting a custom header in the AV section of the mail policy, then have a content filter to check to see if that header exists, and if it does, quarantine and notify the recipient.  I tried just using the built-in "Is attachment protected", but it was missing some items in the tests that I performed, where Sophos seemed rock solid on detecting encrypted attachments.
Thanks!
Warren

Hi Warren,
Please take a look at this info.
http://tools.cisco.com/squish/04f61
http://tools.cisco.com/squish/09808
HTH,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
http://www.cisco.com/web/partners/tools/pdihd.html
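
A PDF can open without any password prompt and still carry an /Encrypt dictionary, for example when only permission restrictions are set, as in the "Restrict editing and printing" thread further down this page. Whether that is what Sophos keys on in this case is an assumption; the Go sketch below is an added example (not from the thread, Cisco or Sophos) that checks a quarantined PDF for an /Encrypt entry and decodes its /P permission flags. The names `inspect`, `intEntry`, `EncryptInfo` and the sample bytes are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// samplePDF is a constructed fragment (not a file from the thread): an
// owner-restricted document that would open without a password prompt.
const samplePDF = `%PDF-1.6
5 0 obj
<< /Filter /Standard /V 4 /R 4 /Length 128 /P -3376 /EncryptMetadata false >>
endobj
trailer
<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>
%%EOF`

// EncryptInfo summarises what the /Encrypt dictionary says.
type EncryptInfo struct {
	Encrypted bool
	Filter    string
	V, R      int
	Denied    []string // operations the /P flags do not permit
}

// Permission bits of /P (ISO 32000-1, Table 22); a set bit means "allowed".
var permBits = []struct {
	mask int32
	name string
}{
	{1 << 2, "print"}, {1 << 3, "modify"}, {1 << 4, "copy"},
	{1 << 5, "annotate"}, {1 << 8, "fill-forms"}, {1 << 9, "accessibility-extract"},
	{1 << 10, "assemble"}, {1 << 11, "print-high-res"},
}

// intEntry reads an integer-valued key such as /V, /R or /P from a dictionary.
func intEntry(dict []byte, key string) (int, bool) {
	m := regexp.MustCompile(`/` + key + `\s+(-?\d+)`).FindSubmatch(dict)
	if m == nil {
		return 0, false
	}
	n, err := strconv.Atoi(string(m[1]))
	return n, err == nil
}

// inspect looks for an indirect /Encrypt reference, resolves the object it
// points to and decodes the standard security handler fields.
func inspect(pdf []byte) EncryptInfo {
	var info EncryptInfo
	ref := regexp.MustCompile(`/Encrypt\s+(\d+)\s+(\d+)\s+R`).FindSubmatch(pdf)
	if ref == nil {
		// A direct dictionary in the trailer is flagged but not decoded here.
		info.Encrypted = regexp.MustCompile(`/Encrypt\s*<<`).Match(pdf)
		return info
	}
	info.Encrypted = true
	objRe := regexp.MustCompile(`(?s)(?:^|\D)` + string(ref[1]) + `\s+` +
		string(ref[2]) + `\s+obj(.*?)endobj`)
	obj := objRe.FindSubmatch(pdf)
	if obj == nil {
		return info
	}
	dict := obj[1]
	if f := regexp.MustCompile(`/Filter\s*/(\w+)`).FindSubmatch(dict); f != nil {
		info.Filter = string(f[1])
	}
	info.V, _ = intEntry(dict, "V")
	info.R, _ = intEntry(dict, "R")
	if p, ok := intEntry(dict, "P"); ok {
		for _, b := range permBits {
			if int32(p)&b.mask == 0 { // /P is a signed 32-bit flag word
				info.Denied = append(info.Denied, b.name)
			}
		}
	}
	return info
}

func main() {
	fmt.Printf("%+v\n", inspect([]byte(samplePDF)))
}
```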

Similar Messages

  • Sophos detected 3 threats on my iMac but clean up failed. Any idea how I get rid of them please? 1 is Malware the other 2 Trojans. Thanks

    Sophos detected 3 threats on my iMac (Maverick OSX 10.9.5) but clean up failed. Any idea how I get rid of them please? 1 is Malware the other 2 Trojans. Thanks

    Thanks for your interest CSound & sorry I couldn't get back sooner. These are the full details from Quarantine Manager:
    Date                    Threat                    Filename                                   Action Available
    2 Feb 2015      Troj/Zbot-Goy           notification - the_royal_ban          Clean up failed
    2 Feb 2015     Troj/Agent -AIRO     sale 2014-12-08_8704...                Clean up failed
    2 Feb 2015     Mal/Phish-A               e document..html                          Clean up failed
    I did have a look at a 'manual' for sophos but couldn't make sense of how to go about trying to rid something if the automatic detection / clean up process didn't work.
    Any ideas?
    Thanks

  • How can I have a .pdf that is encrypted (read only, no printing), but is searchable?

    I have a file containing secured .pdf documents.  These documents can be viewed electronically, but cannot be printed.  The security settings chosen are "Encrypt all document contents except metadata," and "Restrict editing and printing of the document."   All the documents have had "recognize text in this file" done on each one.
    The document is stored in a folder for scanned documents of this type on a network drive.  The document can be opened and read by anyone with an Acrobat Reader (we use version 8), but they cannot alter it or print it.  However, what is needed is a means to be able to search among all the documents in that folder for particular words within any of the documents.
    For example, I could open up the file, and using the "Search" function search "all files and folders" for the word "DEA."  The search engine should then call up every .pdf in that folder that has the word "DEA" somewhere in the text. 
    If there is no security applied to any of the documents this works just fine.  But when security is applied to the documents the search brings back "Seach is complete, there are no results to display."  The search engine will only find documents within that file that have no security enabled.
    Does anyone have any suggestions?
    Mogadeet

    We use Windows XP Professional, version 5.1, Service Pack 3.
    I enabled "copying of text, images and other content."  Then ran my test through the Adobe reader and the search engine worked as advertised (I searched for a single word found on the last page of the document, and it called up the document). 
    The next thing I had to worry about was the copying.  These are controlled documents and this is why we do not want them printable.  We do not have electronic signatures in use as defined in CFR 11, so the signed document is only permitted a certain number of controlled copies within the facility.  Trying copying produced readable and useful copies of the text, but not the signatures nor the template features, and other items like equations did not copy in a manner that made them look like those in the document (again, readable, but not exact reproductions).  This will undoubtedly be satisfactory. 
    I think that simple solution solves the problem.
    Mogadeet

  • Problem converting from pdf to doc (encrypted or corrupt file?)

    Hi everyone.
    I need to convert my resume (pdf) to doc so I can make a couple of edits, and then convert it back to pdf. Problem is, I can't seem to do it. I first tried straight from the program in adobe by saving the file as a doc, but the file formatting was way too screwed up when I did that.
    So, I then googled around, and found zamzar.com. I tried that site, but kept getting conversion errors which said "file may be encrypted, password protected, or corrupt". I don't have any passwords or encryptions on it, so I tried downloading other conversion programs, but I kept getting the same types of errors.
    I checked the "security properties" for the file, and I don't have anything. I also don't know how the file could be corrupt since I don't have any issues viewing it, and when I sent it to my friend via email, he was able to open it, too.
    I have recently been using Acrobat 9 pro extended version that I downloaded as a torrent from a reputable person. I just wanted to get a feel for the program, but maybe this is the problem, since any pdf I've saved since I began using it, seems to have that conversion issue, but I figure there has to be a workaround. I really don't know what the issue is, or how I can solve it, and so I'm stumped.
    Any suggestions would be really great.
    Thanks a lot.

    This is a good read for anyone attempting to convert a PDF to a Word document...
    http://www.planetpdf.com/enterprise/article.asp?ContentID=PDF-to-Word_Conversion_-_Why_it_is_so_hard_to_do&gid=7837&fa

  • Clip Notes .pdf error - "Bad encrypt dictionary"

    I'm using OS X Leopard (10.5)
    I created a Premiere Pro 2.0.1 project, added a couple of markers with comments, and exported to Clip Notes. I did not set any password protection. Emailed it as an attachment to a client who is using Windows, to see if they could open it. They could not, they received the following error message:
    "There was an error opening this document. Bad encrypt dictionary."
    Any ideas what this is? Is there a basic incompatibility between Mac-generated Clip Notes files and Windows platform? (I know that Mac can only export the video file in a Clip Notes .pdf as QuickTime, but that does not seem to be the problem here, the client does have QT on their Windows PC.)
    Apologies if this is the wrong forum, I could not find any obvious place to post questions about Clip Notes .pdf files.

    Same thing happened to me.  Update your Adobe Reader to the latest version.  Open the file with that reader instead of with your copy of Adobe Acrobat.  Unfortunately, you lose all the features of the Adobe software, but at least you can read the file.
    Hope you are able to read the documents from the utility.
    Note:  If you are saving PDFs, save them in a version that will allow those who have at least Acrobat 6.0.  Many organizations and people are a couple of versions behind due to the relative costs of upgrading.  This simple task will save you those emails about "bad encrypt dictionary" and allow many to read your PDFs with no problems.  At least that's been my experience.

  • How do I print to "Adobe PDF" with an encrypted pdf?

    I've created a form in livecycle and I want the security to be set up as such:
    1) A password is required to edit the form in LiveCycle AND
    2) People can print the pdf to "Adobe PDF"
    I've been able to create livecycle password access, but when I put a password on the LiveCycle Access (currently: Printing Allowed: High resolution, Changes Allowed: Filling in form fields and signing existing signature fields), I get this error when I try to print it to PDF:
    %%[ ProductName: Distiller ]%%
    This PostScript file was created from an encrypted PDF file.
    Redistilling encrypted PDF is not permitted.
    %%[ Flushing: rest of job (to end-of-file) will be ignored ]%%
    %%[ Warning: PostScript error. No PDF file produced. ] %%
    How can I edit my form so I can do both.

    It's quite some time since I was solving this.. but as I already wrote and as far as I can remember (I haven't been working on this platform for 3 years): printing at 150dpi is one thing - it's printing like a simple pic. Printing in hi-res works in a completely different way - the pdf must be redistilled with pdf distiller or however it was called. That means there must be an additional step before printing the pdf form. Can't remember the details.

  • AES 256 Revision 6 (PDF 2.0) Encryption

    I am trying to implement decryption of AES 256 Revision 6 (PDF 2.0) as described in the ISO 32000-2 spec and having some success but getting some peculiar results that I cannot resolve and would appreciate some suggestions.
    Using Acrobat X on a PC and encrypting using password encryption compatible with Acrobat X, I created a set of about 20 Acrobat X encrypted PDF tests. When I ran these through our implementation to decrypt as following ISO 32000-2 particularly Algorithms 2.A and 2.B most decrypted successfully and produced correct output. However a few failed either in the authentication phase or in the intermediate key computation stage, with the latter showing an error by an invalid decryption of the first stream of PDF encountered. Next I tried another set of different tests and also got a similar pass rate. Finally I took one unencrypted PDF test and chose the same security settings of compatible with Acrobat X, restrict editing, and printing, and allowed print and used the same password for 15 generated versions of this PDF test. 13 of these 15 resultant encrypted tests ran successfully with our implementation of the Revision 6 decryption algorithm. Two failed, with one failing a match on both user and owner key and the other failing computing the intermediate owner key.
    In the past when we have implemented earlier Revision 5 256 AES, or even older compatibility versions it always was the case that you either had the software working or you didn’t. And the new PDF 2.0 2B algorithm with 64+ hashes and 64+ aes encryptions of data along with 16 byte mod 3 math computations leaves little room for error.
      I believe that Acrobat when encrypting is choosing a random AES IV and all data including input /U /O /UE, and /OE strings differ. Even for the case described above of the same input test, same password, and same Acrobat encryption options. Thus the input into Algorithm 2-B will differ but the output should for authentication match the first 32 bytes of the O or U key or should result in a correct final result for intermediate owner or user key if the corresponding match occurred above.
    However for the few exceptions that fail the above decryption it is not easy to determine what went wrong. Just about any change to the implementation of Algorithm 2.B breaks all working test cases instead of giving a clue as to what the issue is. The possible suspects are the new SHA-384 and SHA-512 and the encrypt code. We have used SHA-256 and the AES decrypt portion in earlier implementation of revision 5 and had no problems. The AES and hash code we are using is from Gladman1. I was wondering what others are using? It looks like Acrobat X is using RSA BSAFE Crypto – C2 at least for FIPS. Could Leonard or somebody else at Adobe tell me if this RSA software is also used in general with Acrobat X?
    And I think that it would be very beneficial to have and publish a set of test vectors given input into algorithm 2.B along with correct intermediate results for each step. For each hash – including which method used per step show hash results, and also encryption step results, number of steps beyond 64 minimum, as well as final result. For the 80% of tests I have working I could produce this info. For those tests I cannot get working I would need help. Perhaps someone at Adobe or elsewhere who has had greater success than I have can help? I can provide input for the problematic tests either through this forum or privately at [email protected].
    1) http://www.gladman.me.uk/
    2) http://blogs.adobe.com/security/2011/05/update-fips-validation-certificates-for-acrobat-and-reader-x.html

    I create a simple file called 256encrypt.pdf and encrypted with aes256
    I am using "Algorithm 2.B: Computing a hash" from ISO32000-2 to verify the user password
    user password: password
    User string from the PDF test file : f4 65 f1 69 9a e2 ea 71 ba e7 6b 48 bb 12 8f 1f 18 74 e3 d3 e2 97 7e b8 d6 fe 9f 7f 86 b0 6d 89 c9 38 40 c5 64 dc 5a 32 04 4d 9c 6f 28 d2 98 d0
    User string hash value:  f4 65 f1 69 9a e2 ea 71 ba e7 6b 48 bb 12 8f 1f 18 74 e3 d3 e2 97 7e b8 d6 fe 9f 7f 86 b0 6d 89
    User Validation salt: c9 38 40 c5 64 dc 5a 32
    User Key salt:04 4d 9c 6f 28 d2 98 d0
    The input for the "Algorithm 2.B: Computing a hash" is as follows:
    user Validation Salt: c9 38 40 c5 64 dc 5a 32
    password: 70 61 73 73 77 6f 72 64 (password)
    step 1: SHA256(password+user Validation Salt)
    the result is  K = 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
    step 2: Make a new string K1 with 64 repetitions of the input password and K
    K1= 70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
           70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
           70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
            70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
    Total 64 times , total length = 0xa00
    step3: Encrypt K1 with AES_128(CBC)
    AES_CBC_128_NOPADDING:
    Key = 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee
    IV =   be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
    K1 64 repeat of the 70 61 73 73 77 6f 72 64 9d 47 2d 4e f0 96 cd dd 7a 8c 04 8d b4 d2 b8 ee be fe b9 9f 7f cc e1 29 ea 63 ad f2 a3 d5 11 5b
    Result : Total length is 0xa00. The beginning part of the E is
    E =
    47 df 2a 7f 90 8a c4 d9 f2 8b a0 f1 49 f0 8e 09 51 c4 a3 ce fd 28 48 f3 d7 c1 04 76 1b 6b 5b f2 6d 3d 2c 3f 03 26 76 06 d5 67 44 c8 2a b6
    10 02 a5 8d a7 93 4f 94 02 b9 bf 93 b5 2d 17 82 02 3b f7 8e 8a 07 0f 18 ed 19 b3 ba 55 8b 14 b7 45 16 80 47 4f 6e c3 b6 20 d2 72 cd d1 46
    2c d3 88 f7 c4 f7 e3 3a 04 3d 72 4f e0 d2 66 63 c4 9c 77 7c c5 53 fd 69 81 f6 3b 3d f5 8e b2 bd 66 4e 0f c6 1e 96 5e 91 e2 3d 60 5c 60 75
    a3 13 49 58 85 e8 bb 37 93 91 4c 4f 79 a5 80 f2 13 be 44 22 aa e5 ee 6c 29 2c 76 50 a3 15 85 69 5e e9 c5 29 13 2a f6 67 51 8e 1e 7f 23 8a
    90 a7 fe 93 c7 ff 45 ee 2a f0 c0 70 f1 78 2e 80 bd be 06 4f ad 69 4d 47 e6 3f ae e2 6a 76 ef 3e 56 8f 2d f5 c9 49 26 f3 7e 6e 61 8b 5e e6
    e6 2d dd 76 cd 30 33 1d fe bf 11 60 ce 33 35 43 da b7 33 9b b9 6a 86 cd 35 a0 ca 84 99 0c ca 71 28 b3 01 b9 23 b4 a0 87 4e fb ff af b6 bd
    step4:
    The result of the first 16 bytes of E mod 3 is 1
    step5:
    Using SHA384 to get 48 bytes K
    K = 29 de 28 c1 f0 17 c9 37 bd 93 97 e3 b5 51 b0 86 b9 0c 96 e0 77 28 87 1c 11 7b 41 ce 64 bf a8 7f f2 8b a2 7b 52 58 79 a9 63 c0 b2 31 f8 4e e4 6e
    This is the end of round 1 and go back to step 2 using this new K
    When round is equal or bigger than 64, check E[last byte], if E[last byte] > round -32, go back to step 2
    The final round is 69. and the final result is
    K = ab 7c c6 03 bc da 85 51 3f 3d 22 fb 58 8c 42 1d 45 67 55 92 9f 4f d2 41 b3 93 07 04 7d b1 30 6d
    But this K does not match with the first 32 byte of the user string.
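
Algorithm 2.B as walked through in the two posts above, written out as an added Go example (not the posters' code, and not taken from Adobe or the ISO text). It keeps the two details that are easy to get subtly wrong: K changes length between rounds, and the termination test uses a counter of completed rounds starting at 1, which is the reading of the round numbering this example assumes. `hash2B` and `checkUserPassword` are names chosen here; SASLprep of the password is omitted, so ASCII passwords are assumed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"strings"
)

// hash2B follows ISO 32000-2 "Algorithm 2.B: Computing a hash" (revision 6).
// udata is empty for user-password checks and the 48-byte /U string for
// owner-password checks. Passwords are truncated to 127 bytes.
func hash2B(password, salt, udata []byte) []byte {
	if len(password) > 127 {
		password = password[:127]
	}
	first := sha256.Sum256(bytes.Join([][]byte{password, salt, udata}, nil))
	k := first[:]
	for round := 1; ; round++ {
		// (a) K1 = 64 x (password || K || udata); K is 32, 48 or 64 bytes.
		k1 := bytes.Repeat(bytes.Join([][]byte{password, k, udata}, nil), 64)
		// (b) AES-128-CBC without padding: key = K[0:16], IV = K[16:32].
		blk, err := aes.NewCipher(k[:16])
		if err != nil {
			panic(err) // cannot happen: the key is always 16 bytes
		}
		e := make([]byte, len(k1))
		cipher.NewCBCEncrypter(blk, k[16:32]).CryptBlocks(e, k1)
		// (c) First 16 bytes of E as a big-endian integer, mod 3. Because
		// 256 = 1 (mod 3), the plain byte sum mod 3 gives the same value.
		sum := 0
		for _, b := range e[:16] {
			sum += int(b)
		}
		// (d) Pick the next hash; the full digest becomes the new K.
		switch sum % 3 {
		case 0:
			h := sha256.Sum256(e)
			k = h[:]
		case 1:
			h := sha512.Sum384(e)
			k = h[:]
		default:
			h := sha512.Sum512(e)
			k = h[:]
		}
		// (e) Stop once at least 64 rounds are done and the last byte of E
		// is <= round-32, where round counts completed rounds from 1.
		if round >= 64 && int(e[len(e)-1]) <= round-32 {
			return k[:32]
		}
	}
}

// checkUserPassword splits /U into hash (32), validation salt (8) and key
// salt (8) and compares the recomputed hash with the stored one.
func checkUserPassword(password, u []byte) bool {
	if len(u) < 48 {
		return false
	}
	return bytes.Equal(hash2B(password, u[32:40], nil), u[:32])
}

func main() {
	// /U string as quoted in the post above; spaces are stripped before decoding.
	raw := "f4 65 f1 69 9a e2 ea 71 ba e7 6b 48 bb 12 8f 1f 18 74 e3 d3 e2 97 7e b8 " +
		"d6 fe 9f 7f 86 b0 6d 89 c9 38 40 c5 64 dc 5a 32 04 4d 9c 6f 28 d2 98 d0"
	u, _ := hex.DecodeString(strings.ReplaceAll(raw, " ", ""))
	fmt.Println("quoted /U authenticates with \"password\":",
		checkUserPassword([]byte("password"), u))
}
```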

  • Quartz 2D PDF Merge and encrypt

    Hi,
    I am absolutely new to this forum and we (my company) are doing some iPad and iPhone development. I have a Java background and am currently doing some technology proofs with Xcode and Objective-C. I want to drag two (or more) pdf-files on the Dock-Icon and merge them (including Tiger). Ideally I want to set some security options for the merged pdf. The drag and drop works fine, now I have to combine them. It proved to work using the libraries ghostscript or podofo, but that's kind of a detour, as all I learned from the Quartz 2D docs is that this is a core part of Quartz. And using the libs there are unnecessary library dependencies and it's a Linux way to solve it but not an Objective-C way.
    My understanding is now that I can create a PDF using 'CGPDFContextCreate' now I have to 'load' the existing PDF-Files and 'print' or 'draw' them to that context/object. I have not found the starting point from the docs to do that.
    Can someone help me find the right track?
    best,
    Alex

    Ok,
    is that a way?
    Create a context by 'CGPDFContextCreate'
    then grab each page of the existing document and draw it using
    CGContextDrawPDFPage. Feels circumstantially!?
    right way?

  • Detecting PDF-image files in real time

    Hi,
    I'm planning to build a web application that allows users to upload PDF files. I want to be able to check the PDF files in real-time to ensure they only upload PDF text-searchable files, and not PDF image files. Is there anything from Adobe that has this functionality?
    I'll probably be integrating it into a .NET web application.
    Thanks.

    Hi Leonard - thanks for the reply.
    I've read up more about Adobe LiveCycle ES and it seems it might be a bit of an overkill for what I'm trying to do. I just need to have some software to check the PDF document whether it is text-searchable or not. LiveCycle appears to be a full document management and processing suite. Is there any more basic Adobe software that can do this kind of check?
    Thanks much.

  • HTMLLoader does not detect PDF support on Mac computers

    I am having a problem loading a PDF file using the htmloader, everything works fine on a PC, however I keep getting HTML.pdfCapatibility, which returns 3201 (Adobe Reader cannot be found.) on all Macs.  We have ensured the most recent versions of adobe reader are installed.
    Also on a separate note, on some web sites that check for PDF browser support they will throw an error saying the air html window doesn't have PDF support when in fact their PDF content displays fine.

    No it was not installed in that location.  And not being so Mac savvy
    I am still having difficulty trying to install the plugin.  Does anyone have a link that will easily get this done?

  • Detect pdf application: if false jump to marker

    I am still a beginner with director. I am using buddy api, and I am looking for a script that will check to see if a pdf reading application is installed, if it is not I need to jump to a specific marker, which contains a menu informing the user they need to install adobe reader, which I have set up a link to do. Any help would be appreciated

    EL_devin wrote:
    > I am still a beginner with director. I am using buddy api, and I am
    > looking for a script that will check to see if a pdf reading
    > application is installed, if it is not I need to jump to a specific
    > marker, which contains a menu informing the user they need to install
    > adobe reader, which I have set up a link to do. Any help would be
    > appreciated
    if baFindApp("pdf")="" then
    -- no associated app
    end if
    or on a Mac:-
    if baFindApp("CARO")="" then
    -- no associated app
    end if
    Andrew

  • Xournal 0.4.5 Exports Encrypted PDFs?

    Anyone else notice that standard Xournal 0.4.5 PDF exports are detected by ePDFView as encrypted? 0.4.2.1 exhibits no such behavior...

    Well, epdfview interprets *any* non-PDF file as encrypted, so maybe what's being exported isn't a PDF at all. (As far as I know.)

  • PDF Encryption using CONTROL File in EBIZ R12 & Decrypting the PDF

    Hi All,
    We are using BI Publisher BURSTING with R12 ebiz.
    We have a requirement to encrypt the file while generating it to the filesystem. Then, when viewing the file from OAF, they want to decrypt it before showing it to the user.
    As per the Documentation , there are some attributes like pdf-security and encryption level .
    a) Can we set these attributes in control file while using with R12 ? Is there any documentation available for the same ?
    b) Once we encrypt the file , Can we decrypt the file also , any documentation available for the same ??
    Regards,
    Vamsee.

    I can't recommend a solution for that. Tell your management team that this is unnecessary. The file system should be secure, if it's not someone on your unix admin team is in big trouble......
    I mean based on that logic all output files should be secured. By the way OAF is secure too so this is really unnecessary as well. If the files need to be secured by a particular user, encryption is still a bad idea. You should just generate a relevant report for the user. That's how we do security in the apps my friend.

  • Preview PDF encryption is broken in Yosemite

    I correct documents saved and distributed as PDFs. They contain personal information and have to be encrypted. In Maverick, and using Preview, I could always print to pdf, choose to encrypt and assign a password. Then I could email the document. Now Preview will not encrypt. The help command returned instructions to use the "export" command and then choose encrypt. The check box to activate encryption slightly darkens but does not √. Then saving the document does not produce a protected document.
    This has been going on for some time and I had hoped today's update would correct this but it has not. Anyone have any ideas?

    Please read this whole message before doing anything.
    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
    Step 1
    The purpose of this step is to determine whether the problem is localized to your user account.
    Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
    While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
    Test while logged in as Guest. Same problem?
    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
    *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
    Step 2
    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
    Please take this step regardless of the results of Step 1.
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
    Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
    Test while in safe mode. Same problem?
    After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

  • Preview - PDF - Encrypt - Add password

    I am trying to be a loyal Mac user and rely on Preview for management of my secure PDF files.
    (I have used Adobe Acrobat Professional -AAP- for several years; I am trying to avoid installing it on my clean SL installation.)
    1.) How do I use Preview to open a PDF file created, encrypted, and password protected in AAP? (I get an error: "The file “Secure.pdf” could not be opened. It may be damaged or use a file format that Preview doesn’t recognize.")
    2.) Can someone give me simple step by step instructions to add Automator functions to Preview to allow me to encrypt and password protect individual files on a file by file basis?
    All of this is very simple in AAP. Seems unnecessarily difficult in SL...
    Help?

    Well, Dr. Midnight,
    There IS an answer. The "Password Protect PDF" file is a function in Automator that comes up as a Service in Preview.
    For me the problem is that Automator is not very intuitive and I am too old and too lazy to learn a new programming language just to replace/repair functionality that I had with Acrobat Professional in Leopard that got broken in Snow Leopard.
    Ok, - in truth - not broken, but moved and changed and made less easy to use. Preview becomes the default PDF handler in Snow Leopard. I thought - ok - if Preview will do what Acrobat Professional used to do for me, I'll be a good little loyal Apple user and move from Acrobat Professional to Preview (and stop paying for Acrobat upgrades).
    Then I figured out it is a PITA to learn Automator and I learned that no one on this forum seems to know (or be willing to share) simple steps to enable one Automator Service.
    So I reinstalled Acrobat since I already own two licenses and since it does what I want simply and intuitively.
    By the way, thanks for checking in. Nice to know I am not all alone out here ....
