Looks like this is an issue with the virus engine. I found similar reports here:

Office 365 is flagging legitimate PDF attachments as JS/Injector.A - Microsoft Community

Tarek

I realized finally that the problem is not in a certain part of the form. I did a lot of testing, and now I have the conclusion that if I delete large and random parts from the form either script or objects (subforms), then the PDF form will be go through via the email attachment.

From what I see, if the size and/or pattern of the form meet certain criteria then the malware engine will block the form.

Tarek

I was able to pinpoint the parts of the form causing the malware detection engine to block the PDF. See highlighted parts in the snapshot below.

Script Object: FormLocale

Table: posBody

Only when I delete the both the script object "FormLocale" and table object "posBody" then the PDF attachment will go through.

Appreciate if someone can help me find out why, and how I can solve this problem?

I was able to pinpoint the source of the problem... still need to narrow down even further. I deleted a recently added subform, and the malware detection didn't block the Dynamic PDF. This subform uses formcalc script with predicates as such:

 form1.subform[26].posBody.Row1.Cell1.list_repairs.total_row.total.total_repair_estimate_hi::calculate - (FormCalc, client)
Sum(list_repair_item[*].sf_estimate.resolveNode("#field.[At(name, ""repair_estimate_hi"") > 0]"))

This was the first time I use such form. I will try to remove the above and check again.

Tarek

Check the Acrobat Version Compatibility. Are they all set to the same version?

We have about half a dozen of Dynamic PDF Forms. The problem happens with exactly one and only one PDF Form Template, and it is a Dynamic Form. All forms have large amount of javascript, and it only happens with only one of them.

Following is the error we get from Office 365 malware detection engine:

Delete message. Malware: JS/Jasobfus.A!ml;JS/Jasobfus.A!ml;JS/Jasobfus.A!ml;JS/Jasobfus.A!ml;JS/Jasobfus.A!ml File: FullForm_uspap-latest-off-v1.pdf

If I send the PDF as attachment from/to GMAIL account, there is no problem.

I performed test with several PDF Forms generated from the same template over the past year (I got them from the backup). In some cases, the attachment did go through after I open the PDF form in designer, and clear the "Save Options" and save as Dynamic PDF:

But after I repeated the test with the master template and several other files, I realized that clearing or setting the above options has no effect. Also, there is no difference if the template is blank or it has data imported.

As of now, I have two different versions of the Dynamic PDF Form that belong to the same master template and one of them was blocked by the malware engine, and the other was not blocked.

What I will do now is that I will compare the XML View of the both versions and try to figure out what is the difference that is causing the form to be identified as infected with malware.

If you have any feedback, please let me know.

Tarek

Does this occur for Dynamic forms, Static forms or both?