Well, I'd say currently, PDF's are not very commonly uploaded. I wouldn't want to take a lot of your time on this, especially if it's not a perfect solution.
I'm not sure what Abdur-Rahmaan means about
though as a programmer i'm sometimes wary of pdfs, i think a system like google drive which checks before downloading might work ok (we'll check on uploading).
or a serverside check on back-end maybe if a trusted one exists.
But I guess it's something like scanning the file before it actually uploads?
I suppose it might be more convenient to copy the PDF and take to a free online scanner (rather than moderators downloading them).
Does anyone know a reliable free online malware scanner? Or other ideas? Should I copy this to the Devel list, for more comments?
I mean, for that matter, I think the same thing is true for SVGs, isn't it? They can contain scripts which could potentially be malicious, right? I wonder if there is some server side scanner which could automatically check all uploads?
brynn
-----Original Message----- From: Martin Owens Sent: Wednesday, March 07, 2018 7:18 PM To: brynn ; Inkscape-Docs Cc: Abdur-Rahmaan Janhangeer ; die humblex Subject: Re: welcome new moderator, and discuss PDFs
It's possible to convert a pdf to an image on the webserver to aid with the problem. Wouldn't be a completely proof solution, but would help.
If this seems like it would be urgently need, I can spend some time on it.
Best Regards, Martin Owens
On Wed, 2018-03-07 at 18:30 -0700, brynn wrote:
Hi Fellow Moderators! Welcome to our newest moderator, Abdur-Rahmaan Janhangeer. Now with 6 moderators, 3 of which are able visit on almost daily basis, I'm starting to feel like the system is really able to meet its potential.
(Fyi Everyone, JAKE is now Panda.) I'd also like to discuss a moderation issue regardingPDFs. There was a recent image, I think it was the map of Europe, uploaded as a PDF. One comment which was posted, along with a vote to delete, was "pdf can contain viruses or get your ip on opening".
While I understand that potentially can happen, PDF is anacceptable format for uploaded resources (whether image or text) in the gallery. So we can't delete them only because they are PDFs.
However, since their contents are not displayed, we must openthem, to find out if they meet the CoC guidlines. What would be the best way to get a look at the contents, without risking our personal privacy and/or security?
I'm thinking we should download and run our local securityscans, before opening. (Or I suppose there are some free online scanners. Don't have any links right offhand though.) Does anyone know of a better, possibly less time consuming (and memory eating) way to get a safe look at the contents?
All best, brynn