Question Is that true or just a hoax?

[Parkinsond]

Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs.

Dangerzone destroys malware by rendering your document into pixels in a secure sandbox and reconstructing it locally as a PDF.

Documents are sanitized in a sandbox with no network access, so if a malicious document can compromise one, it can't let anyone know.

Dangerzone is a free and open source project, maintained by Freedom of the Press Foundation (FPF), a nonprofit organization that protects and defends press freedom.

Dangerzone

Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.

dangerzone.rocks

 

[TairikuOkami]

Or maybe use SumatraPDF? The dev intentionally avoid adding some features to prevent it to be more vulnerable. Honestly, who needs 1GB app to open 1MB PDF?

 

[Parkinsond]

Or maybe use SumatraPDF? The dev intentionally avoid adding some features to prevent it to be more vulnerable. Honestly, who needs 1GB app to open 1MB PDF?

I use OnlyOffice as my pdf editor/reader; it cannot run javascript; for docx files, it also does not run vba macro (when using MS Word for extensive editing, I have macros disabled).

 

[SeriousHoax]

It's not a hoax, it's SeriousHoax
Joking aside, I have also been using Sumatra PDF for many years. Great little program. It even has a single exe portable version.
Edit: This DangerZone program reminded me of CheckPoint's emulation which does the same thing.

 

[Parkinsond]

It's not a hoax, it's SeriousHoax

I have also been using Sumatra PDF for many years

Keeping away from Adobe reader and MS Office reduces the attack surface area.

 

[Andy Ful]

This method can kill many malware embedded in documents.
However, many documents use embedded URLs to phishing/malicious websites. This can survive the rendering.

 

[Parkinsond]

This method can kill many malware embedded in documents.
However, many documents use embedded URLs to phishing/malicious websites. This can survive the rendering.

I forgot to say I also disable opening URL on clicking in settings of pdf reader.

 

[Trident]

This method can kill many malware embedded in documents.
However, many documents use embedded URLs to phishing/malicious websites. This can survive the rendering.

Yeah, this is where the CP emulation @SeriousHoax mentions and the CDR (content disarm and reconstruction) published by @Parkinsond start to differ.

Both of them remove macros, custom fonts and other content that can launch an attack, but Check Point also inspects links, and downloads and emulates all files.

It also analyses the contents for phishing.

 

[TairikuOkami]

I forgot to say I also disable opening URL on clicking in settings of pdf reader.

Samsung Autoblocker on max on android does just that, it is quite annoying, I have to use copy/paste, but it is a nice feature.