Certain types of forms which are based on the legacy Adobe LiveCycle PDF Forms (xfa), when added as attachment, are being blocked by all Enterprise Email (of different companies). Personal email accounts (gmail for example) are not blocking such attachments.
Just checking if someone has come across such issue.
I realized finally that the problem is not in a certain part of the form. I did a lot of testing, and now I have the conclusion that if I delete large and random parts from the form either script or objects (subforms), then the PDF form will be go through via the email attachment.
From what I see, if the size and/or pattern of the form meet certain criteria then the malware engine will block the form.
I was able to pinpoint the source of the problem... still need to narrow down even further. I deleted a recently added subform, and the malware detection didn't block the Dynamic PDF. This subform uses formcalc script with predicates as such:
Following is the error we get from Office 365 malware detection engine:
If I send the PDF as attachment from/to GMAIL account, there is no problem.
I performed test with several PDF Forms generated from the same template over the past year (I got them from the backup). In some cases, the attachment did go through after I open the PDF form in designer, and clear the "Save Options" and save as Dynamic PDF:
But after I repeated the test with the master template and several other files, I realized that clearing or setting the above options has no effect. Also, there is no difference if the template is blank or it has data imported.
As of now, I have two different versions of the Dynamic PDF Form that belong to the same master template and one of them was blocked by the malware engine, and the other was not blocked.
What I will do now is that I will compare the XML View of the both versions and try to figure out what is the difference that is causing the form to be identified as infected with malware.