Yes, I agree, they are very small in number, presently.
More load on the server wouldn't be good. But I am thinking of ways to
protect the user, if pdfs are this small in number then we could check them all manually.
No, that's what I meant -- that moderators could do it manually, as long as the numbers stay low. Maybe someday, we have some server side scan.
But for now, is there any way to check PDFs, without having to download them?
Ok, I found this: https://virusdesk.kaspersky.com/ I've heard of kapersky forever. So you just copy the link to the PDF, and paste it in the field. (Or there's a drag and drop option.) Then just click Scan button. If it's says "safe", then it will be safe to open with your PDF viewer, to see what's in there.
Any reason not to use that?
Thanks, brynn
-----Original Message----- From: Martin Owens Sent: Saturday, March 10, 2018 3:53 PM To: brynn ; Inkscape-Docs Cc: Abdur-Rahmaan Janhangeer ; die humblex Subject: Re: welcome new moderator, and discuss PDFs
Hi Brynn,
But I guess it's something like scanning the file before it actually uploads?
This isn't at issue at the moment, but we should be aware of it for the future.
I suppose it might be more convenient to copy the PDF and take to a free online scanner (rather than moderators downloading them).
More load on the server wouldn't be good. But I am thinking of ways to protect the user, if pdfs are this small in number then we could check them all manually.
I mean, for that matter, I think the same thing is true for SVGs, isn't it? They can contain scripts which could potentially be malicious, right? I wonder if there is some server side scanner which could automatically check all uploads?
No, we don't host svg images to users like that. There's a flag that allows us to embed them IF we trust the contents. But it's only used by the admins for certain svg files that's we've checked out first.
Browsers will naturally protect users from non-embeded svg files and should be protecting users from pdf files too.
Unless we know we're getting viruses because we're checking files manually, I say we wait until we have a problem. We can always pause the quota to pause uploads while we get a solution put together when that day comes.
Best Regards, Martin Owens