Sanitize documents to safe PDFs, for active content removal
#+TITLE: README
This program is [[https://github.com/rimerosolutions/entrusted/tree/develop][under rewrite]] for usability, coding practices and maintainability.
- What is this?
=Entrusted= is a document sanitizer tool that converts "/potentially suspicious files/" into /safe PDFs/:
- This is achieved by removing active content inside a "lightweight sandbox" ([[https://www.ibm.com/cloud/learn/containerization][containerization]])
- Please note that this tool doesn't provide absolute security guarantees
[[./images/screenshot.png]]
[[https://www.youtube.com/watch?v=InEsPLyFsKQ][Youtube presentation]] and [[https://github.com/rimerosolutions/entrusted/files/9892585/entrusteddocumentsanitizer.pdf][PDF slides]] about =Entrusted=.
** Features
Key features include the following:
- Files are processed inside a "sandbox" (disabled internet connectivity)
- The application is multilingual (English and French translations for now)
- Password-protected files are supported (known Office document formats and PDF files)
- The sanitization of huge documents is frictionless
- Optionally, [[https://en.wikipedia.org/wiki/Opticalcharacterrecognition][OCR]] can be applied to PDF results (selectable and searchable text)
- Files can be converted in batch (sequentially)
- PDF result quality is configurable (processing speed v.s. better looking output)
- A Web server with a user interface is available and can act as an "online service"
- The [[https://github.com/rimerosolutions/entrusted/tree/main/cicd/livecd][live CD]] provides both enhanced security and configuration convenience
Do you identify yourself in one of the situations below?
- I suspect that my computer might have been infected few times after opening documents
- I "acquire" documents from file sharing applications or the [[https://en.wikipedia.org/wiki/Dark_web][Dark Web]]
- I often need to open email attachments from unfamiliar senders
- I download files from "potentially non-trusted websites"
The following file types can be processed with =Entrusted=:
- PDF files (=.pdf=)
- Text Documents (=.rtf=, =.doc=, =.docx=, =.odt=)
- Presentations (=.ppt=, =.pptx=, =.odp=)
- Spreadsheets (=.xls=, =.xlsx=, =.ods=)
- Images (=.jpg=, =.jpeg=, =.gif=, =.png=, =.tif=, =.tiff=)
- OpenDocument Drawing Document Format (=.odg=)
- What is available?
There are three user interfaces ([[./app/entrustedclient][Desktop and Command-Line]], [[./app/entrustedwebserver][Web]]):
- The graphical Desktop interface is recommended for most users
- If you prefer the Web interface, please download the live CD for an out-of-the-box user experience:
** Downloads
Please visit the [[https://github.com/rimerosolutions/entrusted/releases][releases page]] for downloads (64-bit: [[https://en.wikipedia.org/wiki/X86-64][amd64/x86_64]] and [[https://en.wikipedia.org/wiki/AArch64][aarch64/arm64]]).
- =aarch64= (i.e., =arm64=) builds are not yet available for Windows
- For Linux, when in doubt, pick the =glibc= file, unless you're sure about your system
- Ignore any warnings about trusting the application under Windows or Mac OS, the binaries are not signed
|-----------+-----------------------------------------------+-----------------------------------------------| | "System" | Artifact | Description | |-----------+-----------------------------------------------+-----------------------------------------------| | =Linux= | =entrusted-
- What is required?
- Operating System: Linux, Mac OS or Windows
- Container Runtime: [[https://podman.io/][Podman]] (Linux) or [[https://www.docker.com/][Docker]] (Linux, Mac OS, Windows). On Mac OS, you need more specifically [[https://www.docker.com/products/docker-desktop/][Docker Desktop]].
- Few references
- [[https://www.youtube.com/watch?v=InEsPLyFsKQ][Youtube presentation]] about =Entrusted= ([[https://github.com/rimerosolutions/entrusted/files/9892585/entrusteddocumentsanitizer.pdf][PDF slides here]])
- [[https://dangerzone.rocks/][Dangerzone]], the application that =Entrusted= is originally based-on
- Disabling file preview and thumbnails ([[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006][Windows]], [[https://osxdaily.com/2013/01/10/disable-finder-icon-thumbnails-previews-mac-os-x/][Mac OS]], Unix/Linux: [[https://gitlab.gnome.org/GNOME/eog/-/issues/130][Gnome]], [[https://www.reddit.com/r/kde/comments/gufzbh/howdoyouturnoffthetinyimagepreviews_in/][KDE]], etc.)
- Security vulnerabilities for [[https://www.cvedetails.com/vulnerability-list/vendorid-22772/productid-80467/Podman-Project-Podman.html][Podman]], [[https://www.cvedetails.com/vulnerability-list/vendorid-13534/productid-28125/Docker-Docker.html][Docker]]
- Few general vulnerability scanning tools: [[https://github.com/CISOfy/lynis][lynis]], [[https://github.com/jtesta/ssh-audit][ssh-audit]]
- Few container vulnerability scanning tools: [[https://trivy.dev/][Trivy]], [[https://quay.github.io/clair/][Clair]], [[https://github.com/deepfence/ThreatMapper][ThreatMapper]]