20 Replies Latest reply: Aug 3, 2013 3:44 AM by Dave Merchant RSS

    Allow Zip Files as Attachments in PDFs

    dancablam Community Member

      As many of you are aware, newer versions of Acrobat have removed the ability to open or save zip files attached to a PDF (without a complex registry hack).

       

      Notice that I've attached a zip file to this post. Adobe: If you've deemed zip files safe enough to be hosted and delivered in your own forums, maybe they're safe enough to be reinstated in PDFs?

       

      I believe no product should force security on its users without providing them any practical way to override. Web browsers, email clients, and operating systems warn you of potentially dangerous files and then let the client make the choice. What if it's a zip file from a trusted source full of harmless text documents? Too bad - because Acrobat says so. Acrobat makes no attempt to examine the zip file to see if perhaps its contents are dangerous - it just sweepingly decides zips are far too dangerous to let the user have any voice in the matter. I fundamentally disagree.

       

      I think Adobe got this one wrong - and I cast a vote that they loosen the noose on zip files on a future release. I'd like to hear other users' thoughts on this issue. Adobe is good at listening to their users - so tell them what you think.

       

      Cheers,

      Dan

        • 1. Re: Allow Zip Files as Attachments in PDFs
          onecatalogue Community Member

          I was hoping it  can include zip files so I can deliver my product in one pdf than maintain a download website.

          • 2. Re: Allow Zip Files as Attachments in PDFs
            Balpox Community Member

            Agree!

            Adobe should not decide for the user.

            • 3. Re: Allow Zip Files as Attachments in PDFs
              zippedup Community Member

              This information is for Acrobat Professional users in Windows XP. I don't know if it

              is valid for PCs using only Acrobat Reader.

               

              Adobe is wrong but that doesn't mean we have to live with their problem.

              Since when does anyone open attachments from unknown or unsolicited sources?

              Some zip files can be or contain executables (.exe) but that is no excuse for not

              knowing where your emails or files come from and not having up to date virus software.

               

              Adobe did not disallow zip file attachments, they just buried the enable so deep

              that the average user would never find it and using an editor (regedit) that most users

              have never heard of. As far as I am concernced, without any word from the Adobe

              Tower, this is pure marketing.

               

              I have inserted a jpeg photo that shows, for Windows XP, where to find the hidden enable

              and how to edit to allow opening OR saving (recommended) zip files. This is the

              file I have been passing to my Engineers and suppliers. The information comes from

              a help call I put in to Adobe.

               

              Editting the registry is not difficult, you just need to be sure that nothing unusual

              happens while editting the text or saving after done. Have an IT person or other

              superuser do the edit if you are unsure. After editting and saving, select  BuiltInPermList,

              then pulldown  File   and click   Export. This produces a one-click edit that will fix the

              problem on any Windows XP computer.

               

              Adobe is also blocking rar, tar and tgz compressions.

              This edit needs to repeated anytime Acrobat is reinstalled.

               

               

              Cannot Open ZIPs Attached to PDFs.jpg

              • 4. Re: Allow Zip Files as Attachments in PDFs
                Dave Merchant ACP/MVPs

                There's no point in manually configuring your system to allow compressed file attachments if your recipients won't be able to open them. There are valid security reasons why ZIP, RAR, etc. are disabled by default, and while it's possible to override that decision it's not a practicable workflow for a file you intend to distribute to a general audience.

                • 5. Re: Allow Zip Files as Attachments in PDFs
                  zippedup Community Member

                  But it is an ideal way to transport under 5M of machine or computer files on a pdf drawing between companies doing

                  business together via email. There are valid securtiy reasons for not driving to work too. What is needed is a positive

                  'how to' and a little less corporate 'can't do'.  If Adobe were not sensitive to thousands of users, why the phase-out?

                  Why not just disable these files completely?

                  I'd suggest helpful topics on setting up FTP, remote 3rd party servers and cloud connections with business partners.

                  • 6. Re: Allow Zip Files as Attachments in PDFs
                    Dave Merchant ACP/MVPs

                    I can't discuss precisely how compressed files can be used to attack a system, but one reason for the change is that many enterprise AV software operating at the firewall/mailserver level cannot reliably extract and scan the contents of a ZIP file which is itself inside a PDF - if the individual user who opens the file hasn't got strong desktop-level protection or the malicious attachment is a trojan rather than a virus, it can run riot. It's the same reason that malicious files shared through P2P tend to be ZIPs inside RARs inside RARs...

                     

                    Adobe has always worked hard to ensure the PDF format is as trustworthy as possible, and where appropriate has restricted features of its software when the balance of probability suggests that feature will be used for malicious intent. There's nothing to stop someone putting a PDF inside a ZIP (which is easily scanned by AV software), it's just putting a ZIP inside a PDF that's disabled. Yes, the blacklist is editable for special situations, but the default block is to protect the type of user who is least able to understand the implications of opening the attachment.

                    • 7. Re: Allow Zip Files as Attachments in PDFs
                      omurphy27 Community Member

                      I'm sorry, but this is extremely frustrating, especially since my current bank insists on sending me PDFs with a Zip file embedded, except I can't extract it, because Adobe Acrobat doesn't even allow the option for doing so.

                       

                      I'm not tech savvy enough to edit the register without messing something up, and I've been unable to install older versions of Acrobat on my PC. Does anyone have a link to an older version of Acrobat that I can download that will let me open up zip attachments in PDFs?

                      • 8. Re: Allow Zip Files as Attachments in PDFs
                        Dave Merchant ACP/MVPs

                        I'm afraid the fault is with your bank - they are using a combination of formats which is not supported by Adobe Reader and has not been for some time. Given Adobe Reader dominates the PDF consumption market on desktops, they need to change their workflow to reflect what is and is not allowed. There's no reason why a PDF attachment needs to be ZIP compressed; if it's a size issue then they should add the attachment to the PDF and *then compress the PDF*, or deliver it as a standalone file.

                        • 9. Re: Allow Zip Files as Attachments in PDFs
                          omurphy27 Community Member

                          Fair enough, I just wish there was an easier work around.

                          • 10. Re: Allow Zip Files as Attachments in PDFs
                            Dave Merchant ACP/MVPs

                            It was a security-related decision to remove the support for compressed attachments, so it's intentional that bypassing it is not easy. The registry entries that control blacklisting are designed for enterprise users who have a closed-loop workflow that has to support files which would otherwise be untrustworthy, but changing the blacklist and then opening files from general circulation is, to say the least, not recommended.

                            • 11. Re: Allow Zip Files as Attachments in PDFs
                              Steve Bishop Community Member

                              What I find annoying is that the files are allowed to be attached in the first place without a warning.Users of a system I wrote attach zip files that cannot be viewed by users down the line in the workflow.

                              • 12. Re: Allow Zip Files as Attachments in PDFs
                                GeolShot Community Member

                                Back in 2005 while writing my thesis (with LaTex) I compiled the source into a nice PDF.

                                Under Acrobat Pro 6.x (or was it 7.x already?) I decided for more safety to attach a zip archive of the source code to my beloved printer-ready pdf. 6 years later, I'm working at a university and would like to reuse part of *my* old code, still embedded somewhere in *my* original PDF (along with a ppt of my oral defense which, possibly, contained harmful macros, but who cares).

                                Oh, wait. Adobe now prevents me to do it. Can save the ppt, can't save the zip. You can't explain that.

                                And unfortunately I cannot mess with the registry. You see, this little dirty hack would precisely be a security breach if any end-user can access the windows registry (to disable antiviruses, firewalls... for instance). So our admins forbid it, and Adobe does not offer any solution to what is an otherwise trivial feature found in any email software out there (= save attachments after eventually displaying a warning message, running them through the installed antivirus, or...).

                                 

                                This unilateral "security" gibberish from Adobe is just plain nonsense. If the folks at Adobe think their user basis is made of dummies (hmmm, could very well be!) and are so concerned with the safety of the aforementioned, let's just include an optional anti-malware module within Acrobat. They could even charge for an Adobe Antivirus, tee-hee-hee.

                                • 13. Re: Allow Zip Files as Attachments in PDFs
                                  JR_Boulay Community Member

                                  Hi,

                                   

                                   

                                  CEASE FIRE !

                                   

                                  ==> there is no need to previously ZIP an attached file since a PDF-attachment is still zipped !

                                   

                                   

                                  Seach for "ZIP files in PDF Portfolios" on this page: http://blogs.adobe.com/pdfdevjunkie/category/acrobat/pdf-portfolios/page/2

                                   

                                  It's about Portfolios but it's exactly the same thing for "single" PDF files.

                                  You should also Google-translate this french page: http://abracadabrapdf.net/articles.php?lng=fr&pg=637

                                   

                                  The attachments navigation panel gives these infos in Reader and in Acrobat: "Size" and "Compressed size" are displayed.

                                  Here is a (french) screengrab:

                                   

                                  http://abracadabrapdf.net/img/Zip-et-PDF_01.png

                                  (Fichier means File, Taille means Size, Taille compressée means Compressed size, and Ko means Kb)

                                   

                                   

                                  ;-)

                                   

                                  Message was edited by: JR_Boulay

                                  • 14. Re: Allow Zip Files as Attachments in PDFs
                                    fsgysin Community Member

                                    @JR_Boulay:

                                    The point of attaching an archive file like .zip is not the compression, we all know that PDF does this for us.

                                     

                                    The reason is to be able to keep your attachment count low and preserve any folder structure present in the zip-compressed files. I tried for example to attach the source of my thesis to the final PDF file: thats around a dozen LaTeX files, dozens of images, bibliography, tables, diagrams, etc -- all distributed and organized over a clear folder hierarchy...

                                     

                                    You cant be suggesting to manually attach each and every one of these files, therby also losing the correct folder structure?

                                    • 15. Re: Allow Zip Files as Attachments in PDFs
                                      JR_Boulay Community Member

                                      Hi,

                                       

                                      If you need to preserve folder structure you should take a look to PDF Portfolios:

                                      http://help.adobe.com/en_US/acrobat/X/pro/using/WS8AC2CE72-864F-4d65-815A-4AFCAB0B46FA.htm l

                                       

                                      Adobe's Layouts (Themes) built-in Acrobat X and XI are ugly but you can find some nicest here: http://blog.practicalpdf.com/portfolios/

                                      (With a particular mention for the Grid with Preview theme.)

                                       

                                       

                                      • 16. Re: Allow Zip Files as Attachments in PDFs
                                        fsgysin Community Member

                                        I am  ten and what is this?

                                         

                                        No, joke aside: I have never heard of such a thing before. I am fairly certain none of my friends and colleagues have heard of or worked with PDF porfolios before.

                                        Then you seem to need some Adobe pro version to even be able to work with it properly. Also it is not clear if all file types are supported, but things like "The files in a PDF Portfolio can be in a wide range of file types created in different applications" do not make me optimistic.

                                         

                                        Last but not least, the one important funtionality everyone here is asking for -- extracting the attached content afterwards and saving it to your disk independent of the PDF(-portfolio) it was shipped with -- is not listed on the page you linked and I would bet a fair amount of money that it's not possible...

                                        • 17. Re: Allow Zip Files as Attachments in PDFs
                                          JR_Boulay Community Member

                                          extracting the attached content afterwards and saving it to your disk

                                          Yes, no problemo.

                                          More: attachments can be edited/saved even if they stays inside the PDF Portfolio.

                                          Any file type can be embedded, except those considered as potential security issue (.zip, .exe, .js, etc.)

                                           

                                          Otherwise, the most common workaround is to add another extension to the restricted file type, as MyFile.zip.txt

                                          But the end-user have to be aware of that and must know how to remove it when/after extracting the file.

                                           


                                          • 18. Re: Allow Zip Files as Attachments in PDFs
                                            Amandilh Community Member

                                            What is funny is that setting the value 1 for the considered extension has exactly the behaviour one is likely to expect:

                                             

                                            • User is warned that the file may be unsafe and is given three choices: open, or permanently set the behavior to Allowed or Prohibited.

                                             

                                            • Dialog: "The file attachment filename may contain programs, macros, or virus that could potentially harm your computer. Open the file only if you are sure it is safe. Would you like to: -- Open the file-- Always allow opening files of this type-- Never allow opening files of this type"*

                                              * The user will always be prompted each time a file of the same type is opened, regardless of which option they choose in the dialog. In addition, the setting in the registry will not change.

                                             

                                            Why do not use this by default ???

                                             

                                            Source: http://andrewalbrecht.com/content.php?pageID=106

                                            • 19. Re: Allow Zip Files as Attachments in PDFs
                                              sb22030 Community Member

                                              Foxit Reader allows one to open and save zip attachments to pdfs.

                                              • 20. Re: Allow Zip Files as Attachments in PDFs
                                                Dave Merchant ACP/MVPs

                                                There are three reasons why ZIP archives aren't allowed in PDF files:

                                                 

                                                1. Attachments can be accessed  by scripts in a PDF file without the user necessarily knowing what's going on.
                                                2. Not all firewall and AV programs will scan attachments to a PDF file, so there's a real concern from enterprises that a malicious file could pass through perimeter security.
                                                3. While there is a warning message shown if you manually change the settings, the very people who are most likely to be duped by a malicious file are least likely to read and understand the prompts.

                                                 

                                                It's not a theoretical risk - before the setting was introduced, malware-laden attachments were very common and quite effective at luring people into opening the file, despite the warnings. Often the PDF file itself looked perfectly genuine, it was only the attachment that contained malware - unlike a phishing email offering you $500,000,000,000 from a Nigerian minister, until you opened the attachment there was no real indication of anything suspicious. By then it was too late.

                                                 

                                                In a closed environment there can still be advantages to being able to attach ZIPs which is why Adobe allows an enterprise administrator to change the defaults - but this has to happen on both ends, and in turn exposes that machine to malware from outside the enterprise; so it's only suggested for sandboxed networks.