Coda Print-to-PDF Virus?

I recently isolated a situation where PDFs generated by Coda (when using the latest Chrome browser on a Mac) are laced with a virus as claimed by Gmail when attaching said PDFs to Gmail messages.

Note -

  • I’m using the Coda document print feature as shown in the screenshot.
  • If I make a copy of the document and export to PDF, it still has the virus.
  • If I create PDF exports from other Coda documents, there are no viruses present when attaching to Gmail messages.
  • I’ve swapped out the PDF generator as well without success further indicating it is not in the OS or the PDF generation process.

This suggests to me that at least one of my Coda documents is specifically compromised and that this virus is likely associated with features used by this Coda document (unlike my other documents, this one uses Cross-Doc).

I also verified that PDFs generated (also when using the same Chrome browser) with other web sites and web apps do not have such viruses when attaching to Gmail messages.

My tests indicate this only happens with Coda - anyone seeing this as well?

1 Like

Hey Bill, thanks for posting. I’m not getting this error message at all. These are the steps I took to reproduce:

  1. Opened a doc page that includes a CrossDoc table in it.
  2. Used the Print to PDF export function to download the page as a PDF.
  3. Dragged & dropped PDF file to Gmail draft message.

I’ve also tried w/ various other pages in Coda and was unable to reproduce this issue.

If this is only happening with one specific Coda doc, can you try reaching out to our tech support chat so we can look further into this for you? Include a screenshot of the error you’re getting in Gmail if you can :+1:.

Thanks @Renita_Mwangachuchu,

This only appears to be happening with one Coda document and one specific page in that document. We’ve tested a bunch of the others, even ones whereCrossDoc is used and the PDFs are clean, leading me to believe that it might be some content within the document that is harboring what may appear to be a virus from Gmail’s perspective.

This is the alerting I get from GMail:

Deeper Dive!

But your observations compelled me to look closer at the content as a potential source of this errant issue. This particular CrossDoc data grid (with hundreds of records) contained a reference to a Coda document that itself contains script embedded as text and shown below. I was able to narrow the failure down to a single record.

If I filter out the record with the document reference, the PDF export is deemed clean by Gmail; ergo, mystery solved, or at least the cause is known.

Conclusion(s)?

  1. Be careful of references to documents that contain actual script snippets. I tested a few more clean cases and any references to documents that include scripts appear to trigger skepticism by Gmail.
  2. The issue is not related to CrossDoc; I was able to replicate the issue without it.
  3. References to documents that contain scripts will trigger this issue regardless of whether they are made in paragraphs or table cells.
  4. My hunch is that Gmail’s PDF attachment process attempts to examine the content of embedded links and the presence of any script is flagged by Google as a “virus”. This is not the case with all email clients; Superhuman, for example, reports no such virus.
  5. Deeper investigation using Virus Total shows that at least one security vendor shows that the PDF does in fact contain the Cyren (Camelot) virus when the document is exported with the link to the other Coda document.
  6. Oddly, exporting the other Coda document with the actual script content shows no such virus indications.

Coda Document Referenced

3 Likes