View Suspicious Documents Safely with Dangerzone

ByMike Moffit

A standard piece of advice for staying safe online is to avoid opening attachments from people you don’t know or attachments that seem suspicious. It’s good advice, since PDFs and office documents can contain JavaScript and macros that present a security risk, or they could be maliciously crafted to take advantage of vulnerabilities in common apps to execute code on your computer.

But in the real world, unless the document is attached to a message that is obviously spam, it’s difficult to know whether you should be worried. If you could just look at the document, you might be able to tell, but how can you do that without opening it?

Enter Dangerzone, an open source app created by the nonprofit Freedom of the Press Foundation. The impetus for creating it came from journalists who need to review attachments from possibly untrustworthy sources while protecting themselves from hacking and retaliation from powerful corporate and government interests.

Dangerzone won’t tell you whether or not a document is safe. Instead, when you drop a document on its window, it creates a PDF image of the document that contains nothing of the original other than the visual representation of its pixels. Think of Dangerzone as a virtual photocopier—it makes a visual copy.

But Dangerzone is a highly sophisticated virtual photocopier, since it has to work with malicious documents without allowing them to cause harm. Behind the scenes, Dangerzone first creates a Linux container to keep the document away from your Mac. Within the container, it then creates a sandbox to protect the Linux kernel. Then it uses open source tools—LibreOffice and PyMuPDF—to convert the original document to a PDF, split that PDF into individual pages, and convert each page to RGB pixels—just colored dots. Then it quits the sandbox since the file has been sanitized, and if possible, it converts the RGB pixel data into a compressed, searchable PDF. Finally, it saves the PDF to the specified folder and archives the original file. You can process only one file or batch of files at a time to ensure that the entire secure conversion environment starts fresh each time.

Here are the document types that Dangerzone can convert into safe PDFs:

  • PDF (.pdf)
  • Microsoft Word (.docx, .doc)
  • Microsoft Excel (.xlsx, .xls)
  • Microsoft PowerPoint (.pptx, .ppt)
  • ODF Text (.odt)
  • ODF Spreadsheet (.ods)
  • ODF Presentation (.odp)
  • ODF Graphics (.odg)
  • EPUB (.epub)
  • JPEG (.jpg, .jpeg)
  • GIF (.gif)
  • PNG (.png)
  • SVG (.svg)
  • TIFF (.tif, .tiff)
  • Other image formats (.bmp, .pnm, .pbm, .ppm)

You won’t want to use Dangerzone on every document you receive in email. There’s no reason to fuss with it for attachments that come from people you know, in contexts where it makes sense that they’re sending you something. But if you get an attachment out of the blue that makes you think, “Why is this person sending me a document?” run the document through Dangerzone to make sure it’s safe.

(Featured image by iStock.com/shironosov)

Social Media: Got a suspicious attachment? Dangerzone converts potentially dangerous PDFs and Office docs into safe, pixel-only copies you can view without risk. Think of it as a virtual photocopier that strips any hidden malware, JavaScript, or macros.

Similar Posts

  • Your Kibbles & Bytes Team,

    _Don, Emily & Dean_

  • Who cares about QR Codes?

    By now you’ve probably seen one of those odd-looking white squares with a bunch of smaller square dots that make up a random pattern inside–that’s a QR code. QR stands for “Quick Response,” and a QR code is a form of barcode, just like on the packaging of nearly everything you buy.

    Usually QR codes are used to store Web links–URLs–so an ad can display just the QR code instead an unwieldy and hard-to-type web address. But QR codes aren’t just for ads. They’ve appeared on business cards, in magazines and books, on coins and bills, and even on tombstones–any place it would be nice to help someone load a Web link into a smartphone but where there isn’t enough room for a URL or in situations where viewers won’t remember the URL later. And the links? They can display anything that can appear on the Web: text, photos, videos, games, and more.

    Only one built-in iPhone app can scan QR codes–the Wallet app in iOS 9–but it can scan only QR codes that are associated with Wallet passes, things like airline boarding passes, concert tickets, and iTunes gift cards. For QR codes that encode any other sort of data, Wallet shows an error. It would be nice if Apple would add general QR scanning capabilities to Wallet or the Camera app, but until that happens, you’ll need another app.
    There are numerous QR code scanning apps in the App Store, but if you need a recommendation, give TapMedia’s QR Reader for iPhone a try. It’s free with ads (remove them with a $1.99 in-app purchase), scans both QR codes and traditional barcodes on most commercial products, and displays the associated information within the app. It can even help you create your own QR codes.

    To use a QR code scanner, launch the app, allow it to access the camera when it asks, and then point it at the QR code. Good apps will scan nearly instantly, but if not, move the camera so the QR code is centered between the guides. If even that doesn’t work, move forward or back so the camera can focus on the centered code.

    Once the code has been scanned, the app will usually bring up an in-app Web browser to display whatever was encoded. For certain kinds of data, like books or grocery items, the app may go right to Amazon or a price comparison site. Good apps will also keep a record of sites you’ve scanned, so you can go back to them later, even if you can no longer scan the QR code.

    So download a QR code scanning app and keep an eye out for QR codes. Once you start looking, you’ll find them everywhere–it’s a modern-day treasure hunt!