Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list

Legacy Dynamic PDF Attachments blocked by Enterprise email


Level 8

Certain types of forms which are based on the legacy Adobe LiveCycle PDF Forms (xfa), when added as attachment, are being blocked by all Enterprise Email (of different companies). Personal email accounts (gmail for example) are not blocking such attachments.

Just checking if someone has come across such issue.


0 Replies


Level 8

We have about half a dozen of Dynamic PDF Forms. The problem happens with exactly one and only one PDF Form Template, and it is a Dynamic Form. All forms have large amount of javascript, and it only happens with only one of them.

Following is the error we get from Office 365 malware detection engine:

Delete message. Malware: JS/Jasobfus.A!ml;JS/Jasobfus.A!ml;JS/Jasobfus.A!ml;JS/Jasobfus.A!ml;JS/Jasobfus.A!ml File: FullForm_uspap-latest-off-v1.pdf


If I send the PDF as attachment from/to GMAIL account, there is no problem.

I performed test with several PDF Forms generated from the same template over the past year (I got them from the backup). In some cases, the attachment did go through after I open the PDF form in designer, and clear the "Save Options" and save as Dynamic PDF:


But after I repeated the test with the master template and several other files, I realized that clearing or setting the above options has no effect. Also, there is no difference if the template is blank or it has data imported.

As of now, I have two different versions of the Dynamic PDF Form that belong to the same master template and one of them was blocked by the malware engine, and the other was not blocked.

What I will do now is that I will compare the XML View of the both versions and try to figure out what is the difference that is causing the form to be identified as infected with malware.

If you have any feedback, please let me know.



Level 4

Check the Acrobat Version Compatibility. Are they all set to the same version?


Level 8

I was able to pinpoint the source of the problem... still need to narrow down even further. I deleted a recently added subform, and the malware detection didn't block the Dynamic PDF. This subform uses formcalc script with predicates as such:

form1.subform[26] - (FormCalc, client)

Sum(list_repair_item[*].sf_estimate.resolveNode("#field.[At(name, ""repair_estimate_hi"") > 0]"))

This was the first time I use such form. I will try to remove the above and check again.



Level 8

I was able to pinpoint the parts of the form causing the malware detection engine to block the PDF. See highlighted parts in the snapshot below.

Script Object: FormLocale

Table: posBody

Only when I delete the both the script object "FormLocale" and table object "posBody" then the PDF attachment will go through.

Appreciate if someone can help me find out why, and how I can solve this problem?



Level 8

I realized finally that the problem is not in a certain part of the form. I did a lot of testing, and now I have the conclusion that if I delete large and random parts from the form either script or objects (subforms), then the PDF form will be go through via the email attachment.

From what I see, if the size and/or pattern of the form meet certain criteria then the malware engine will block the form.


The ultimate experience is back.

Join us in Vegas to build skills, learn from the world's top brands, and be inspired.

Register Now