Sandbox reading
The document's JavaScript, open actions (OpenAction), external commands (Launch) and links are not executed, and the window has no network access: active code is extracted and shown, not run.
A PDF that lands in your inbox, that you download or that a client hands you is not a sheet of paper: it is a format with a programming language inside. Opening it with Acrobat or Preview means running it — its JavaScript fires, open actions are followed, and the document can reach the outside and tell whoever crafted it that it was opened, when and from which IP address. Probatio's PDF module instead opens it in its own window and in a multi-layer sandbox: the document is interpreted, not executed; the window has no network; the raw bytes are parsed in a subprocess isolated from the rest of the system, with memory and time limits and — on macOS — an operating-system profile denying it network and any write outside its work folder. It is a safe reader for anyone who has to open a suspicious attachment — analyst, professional, cautious user — and at the same time a forensic workbench to examine it (provenance, active code, hidden text, signature) and work on it (pages, redaction, annotations, stamp) without ever touching the original.
A PDF is not a sheet of paper: it is a format with a programming language inside. Opening a document you don't trust is, quite literally, running code from a potentially hostile source. Probatio does not just «turn JavaScript off»: it separates what the document asks to do from what the system lets it do, at three independent levels — if the first falls, the other two remain.
eval disabled, scripting off, no active annotation layer: JavaScript, /OpenAction, /Launch and links do not fire. Active code is extracted and shown.
probatio-pdf-helper) with a memory cap, a CPU cap and a timeout. A malformed PDF brings down the helper, not Probatio, and does not take the working session with it.
sandbox-exec profile that denies network, denies writes outside the work folder and denies spawning other processes. Tested: an attempted write to /etc is refused by the kernel, not by an in-app check.
How far it goes, and where it stops. OS-enforced confinement is active on macOS (a sandbox-exec profile) and on Windows (a restricted-token Job object): no network, no writes outside the work folder, no child process. On both, the helper also runs as a separate process with resource limits, so a malformed file brings down the helper and not the app. And no sandbox makes a file harmless: basic sanitizing removes JavaScript, automatic actions and attachments, but an exploit nested in a malformed stream or in a font would survive. To go after that very vector Probatio offers a deep clean: it rebuilds the document, discards embedded font programs (remapping fonts to a standard one) and neutralizes dangerous-codec images — JBIG2 and JPX, the class of the FORCEDENTRY attack. Both sanitizing and deep cleaning are always your choice, declared, at save time — and when the PDF is evidence to be filed, keep in mind that cleaning it alters it: the cleaned copy is no longer the original.
The document's JavaScript, open actions (OpenAction), external commands (Launch) and links are not executed, and the window has no network access: active code is extracted and shown, not run.
The PDF bytes are read in a separate subprocess, with a memory cap (1.5 GiB), a CPU cap (30 s) and a timeout: a malformed or malicious file can bring down the helper, not the app. On macOS an operating-system profile denies it network, writes outside its work folder and spawning other processes.
The program that generated the PDF, creation and modification dates, source file (xmpMM:DerivedFrom), inferred operating system from the producer string — labelled as an inference, because no PDF records its own OS — and the full XMP packet.
Every object in the document is walked looking for action dictionaries: JavaScript, Launch, URI, SubmitForm. The code is read in full in the Inspection column. Looking only in the «well-known places» would always miss one.
White-on-white text, in invisible render mode or in a microscopic size: invisible on the page, but read by whoever extracts the text — automated review, indexing and AI models. Probatio lists it page by page and takes you to it with a click.
Zoom, in-text search with match highlighting, page thumbnails, single- or two-page view and a split view (vertical or horizontal) to compare two distant pages of the same document.
Delete, rotate, reorder and insert pages from another PDF, by dragging it to the chosen spot among the thumbnails: imported pages arrive complete, with the attributes inherited from the source document. You always work on a session copy, with undo and redo on full document snapshots.
Redaction removes the glyphs from the file, it does not put a black rectangle over them: the redacted text is no longer extractable by copy-and-paste nor by pdftotext. Images and annotations inside the area go too; the document is re-serialised, so the previous revision does not survive inside the file.
Highlights in five colours, notes (sticky) and arrows. They are real PDF annotations, each with its own appearance stream: Acrobat reads them, Preview reads them, and they can be removed without touching the content.
Apply an image (e.g. a signature PNG with transparency) and resize it with locked proportions. Embedded images sit in a library with thumbnails and a lightbox, zoomable 1:1 at their true resolution: JPEGs are saved bit-identical to the embedded stream, so the extracted image's hash matches.
A badge flags whether the PDF is signed; on the first edit it warns that the signature will be invalidated. The detail (validity, integrity, signer, eIDAS/QSCD, chain, timestamps, OCSP) is checked on the original file, not on the work copy: verifying the copy would tell a lie about the document you received.
On opening, a YARA scan warns about code known to be suspicious — and if the rules cannot be downloaded it says so: «I could not look» is not «clean». When saving a document with active code, you choose between a sanitized copy and the original file as it is.