🐈
» Forums » Freelancers » Re: PDF forms are getting WIPED
Page options
cj50
Community Member

*Edited* Attachment are getting Sanitized

HELP! has anyone noticed that recently all the code in PDF forms is been wiped when passing / attaching submitting work to the clients?

160 REPLIES 160

This messeage apperas when trying to download the attached file from the client

It is not safe to download this file. If you really want to access this file please contact Customer Support.

 

the file is essential to submit a proposal

Hi Nipun,

 

I apologize for the inconvenience this has caused you. Please note that due to our Community settings, new users will need to wait up to 2 hours in order to have the option to send private messages. After your Community rank updates from 'New Forum Member' to 'Active Member', please send me a PM with more information about the Client and the job you are trying to apply for so that I can check and assist you further.

 

Thank you.

~ Aleksandar
Upwork

I attached a PDF to a proposal thread with comments on a file sent to me by the project - after upload, the file said "This file has been sanitized." I don't understand what information it contained that triggered this - it was simply a discussion to clarify client requirements - and I want to avoid getting in trouble with Upwork.

AveryO
Community Manager
Community Manager

Hi William, 

All attachments and links transferred on Upwork are being scanned for potentially malicious content. On the link provided on the notification on your messages, you will be able to access the FAQs about Data Sanitation which says that: 
Data sanitization is a type of security control that does not rely on threat detection. It works by assuming all files are malicious and then sanitizing and rebuilding each file to ensure the content is safeIt is effective against known and unknown threats, including zero-day attacks, undetectable malware, obfuscation, and more.

 

If you click on the download button (arrow), you will have the option to download the original file. 


~ Avery
Upwork
vingogly
Community Member

Thanks for the clear and concise explanation.

Hi, I submitted work for payment but the client does not see any change.

 

I verify I submitted the right file, and it was the right one!

 

But when I downloaded from "Work Submissions" it does not contain any code.

 

I upload the file again on messages and the same happens.

 

What is going on? 

 

I should send the code in a text file and explain to my client how to attach it, but it is not supposed to happen.

 

 

re: "I submitted work... but the client does not see any change... What is going on?"

 

It's not working. That is what is going on.

 

That is what this entire thread is about.

 

Don't use Upwork to transmit your files. Don't even attach those files when you use the "Submit Work / Request Payment" button. The client will look at the files and think you don't know what you're doing.

 

Provide the files to the client through a DIFFERENT method that is not Upwork.

Sorry, I just post a question without looking if anyone was experiencing this. I was not aware of this thread, a moderator must move my post here.

 

It is incredible this happens. I delivered on time but my client will think I was unprofessional, making time... 

 

 

Come on UpWork, at least mention that the files we upload were modified!

 

 


Mary W wrote:

I stopped sending edited/ redlined documents via Upwork months ago.  It does, indeed, remove all the editing.  I use my email or Dropbox to submit those.


OMG. This is the first time I see this. I am gobsmacked. 

And don't want to believe it... what an effing mess!!!

The fact that they are removing macros and stuff, why not. But that they don't tell you when they do is unacceptable. But not a surprise.

 

I'm gonna to write an e-mail to Lewis Black about Upwork in the hope he reads it during one of his Rant is due shows.

 

 

 

 

-----------
"Where darkness shines like dazzling light"   —William Ashbless


Rene K wrote:

The fact that they are removing macros and stuff, why not. But that they don't tell you when they do is unacceptable. But not a surprise.


Another alternative (better in my opinion): if they deem the file dangerous, don't deliver it at all, and inform the sender that it wasn't delivered. Having half-baked, mutilated files around at all is a bad idea, especially if they don't change the file name to indicate that it's been changed. There's lots of other software that blocks suspect files, but I don't think I've come across any others that deliver mutilated files.

Hi all,

 

I wanted to share that we do appreciate your feedback and I've shared your request and sentiment about the current process with our team. We'll follow up with an update once we have more information, thank you for helping us improve our platform and maintain a thriving online workspace.

~ Vladimir
Upwork

Is there any further feedback from upwork on this ?

 

Its crazy that I can not deliver to the client a completed .xlsm excel file containing VBA code that they have paid me to write via the Upwork messaging service.  Not all clients are happy revealing their email addresses to allow work to be delivered to them outside of upwork.

Hi Michael,

 

One of our team members will reach out to you via ticket where you can share more details with us. Our engineering team will investigate it and assist you further directly on your ticket. Thank you.

~ Goran
Upwork


Michael C wrote:

Not all clients are happy revealing their email addresses to allow work to be delivered to them outside of upwork.


You can use the Share feature on Dropbox or even https://fromsmash.com/ and send them the link. They don't have to disclose their e-mail.

 

 

-----------
"Where darkness shines like dazzling light"   —William Ashbless

Hello!

The upwork admin said there is a security feature in the site that wipes
all macro in an excel.. they are tagged as malicious files.. it seems more
people are having problem with this...

I think you can try compressing your excel file in a zip file .rar... i
checked my previous proposal with that attachment and the macro was not
removed..



Valeria K wrote:

Christopher and others,

 

I'd like to circle back here and provide an update. In some cases, malware scanning will remove embedded macros, formulas, or active content that is deemed potentially malicious.  If you want the original unmodified attachment, you can receive it by contacting Customer Support but note that Upwork is not responsible for any damage that may be caused by opening unmodified files transferred on Upwork.

Soon we'll be adding in product notifications about this.


So basically, Upwork is failing to do what so many other software companies are managing to do, and that is to do scans and offer a warning but leave the the contents untouched.

 

If we're able to bipass this with a zip file exactly how secure is it?  It's not.

 

Why don't you guys stop trying to reinvent the wheel and do what everyone else is doing for this issue.

 

**Edited for Community Guidelines**

Hi Jordon,

 

We appreciate your feedback. On Upwork we use data sanitization which is a type of security control that does not rely on threat detection. It works by assuming all files are malicious and then sanitizing and rebuilding each file to ensure the content is safe. It is effective against known and unknown threats, including zero-day attacks, undetectable malware, obfuscation, and more. You can find more information about this here. We are working on adding better in-product notifications to inform users about the process when they upload and download files.

 

Additionally, please note that accusations of misconduct, incompetence or other wrongdoing as well as insults aren't allowed by the Community Guidelines and posts including them may be edited or removed.

 

 

~ Valeria
Upwork


Valeria K wrote:

Hi Jordon,

 

We appreciate your feedback. On Upwork we use data sanitization which is a type of security control that does not rely on threat detection. It works by assuming all files are malicious and then sanitizing and rebuilding each file to ensure the content is safe. It is effective against known and unknown threats, including zero-day attacks, undetectable malware, obfuscation, and more. You can find more information about this here. We are working on adding better in-product notifications to inform users about the process when they upload and download files.

 

Additionally, please note that accusations of misconduct, incompetence or other wrongdoing as well as insults aren't allowed by the Community Guidelines and posts including them may be edited or removed.

 

 


Valeria, no offense, but I stopped reading after we use because it's just nonsense.  I don't care what you use.  It's bad.  Period.  

 

Let me say it more nicely, this companies moderators and support team are repeatedly of absolutely no help in anything but the most basic matters.


Removing contents of the files is not really effective against all threats and virus. That's a win for them if the purpose was to disrupt the service.

 

Everybody knows that these days false positives are common and that's why I also have never seen any platform blocking the files instead of warning the users and let them decide.

 

The files still get sent by other means, be that email or cloud drives, so the end result of all this is just more work for Upwork users (and that work is way beyond just sending the files by other means).

If there's some real valid reason (I can see them but I will not say so it just doesn't get repeated after me), that should be explained so people understand.

I completely agree with Pedro.

 

Due to this and other problems with the Messages app I now use email or slack for all my communication with regular clients. In future I will suggest switching at an earlier stage of working with a client.

I discovered this morning that the files I upload to clients are being sanitized. In the process, the edit tracking I have done is being removed. As an editor, edit tracking is a lot of what I do. Why is Upwork trying to destroy my business?

Valeria - I discovered this morning that my files that I send to clients are being "sanitized."  What this means is that some of my edit tracking is removed from the files. As an editor, it is important that I am able to send my clients their files with the edit tracking that I have done. Why on earth is Upwork removing my work!!!!!

Hi Joan and others,

 

I have merged new threads about this topic to the larger conversation we've had about it.

 

In some cases malware scanning will remove embedded macros, formulas, or active content that is deemed potentially malicious.

You'll start seeing notifications when this is done on browser version of Messages starting today and in Upwork Desktop App starting next week. You and your client will also see an option to download the original file by clicking the three dots to the right of the file name and selecting “Download Original File.” In other words, you and your client will have access to the original without having to contact Customer Support.

~ Valeria
Upwork

I'd like to follow up and share screenshots of what the notifications look like when a file is sanitized with the option to download the original. Please, see below:

 

Screenshot_1.pngScreenshot_2.png

 

 

~ Valeria
Upwork

Now attachments in the messages are showing up with "This file was sanitized!" after them. This makes it appear that something was wrong with your file, that Upwork had to go spray disinfectant on it due to it being germy or disgusting in some other way. It can lead clients to conclude that you are trying to infect their computer with malware and Upwork caught it just in time. Sure, they could click "Learn More" but we all know that first impressions count and most people don't want to bother with reading anything they don't have to.

It's totally unnecessary for them to put that on there. I'm sure they would say "It lets the client know that we are doing everything we can to ensure a safe work environment" or some such rote response. Having a safe work environment is expected at minimum; it isn't something for them to brag about or announce every time they do it. It's like putting up a notice that says "Our system worked as expected this morning!" or "We actually let you have your money that you earned - after taking out fees and a waiting period, that is!" Freelancers don't get on here and announce "We got our work done today!" or "I have used the system correctly."

I would like to suggest that they remove that embarrassing text. Scan the files all you like, just don't announce it each time.

Lisa, it turns out that it's a super-important warning, as you'll see in this thread: https://community.upwork.com/t5/Freelancers/Edited-Attachment-are-getting-Sanitized/td-p/576616/jump...

 

"Sanitized" files aren't just scanned--they're modified in ways that in some cases strip out work the freelancer has performed.


Valeria K wrote:

I'd like to follow up and share screenshots of what the notifications look like when a file is sanitized with the option to download the original. Please, see below:

 

Screenshot_1.pngScreenshot_2.png

 

 


What if there are no 3 dots?

 

no dots.jpg

Hi Petra,

 

The UI is adaptive and depends on the size of the screen. If the screen is smaller, the icon will show under the three dots. If the screen is large enough, the icons will show right next to the file like on your screenshot.

~ Valeria
Upwork


Valeria K wrote:

Hi Petra,

 

The UI is adaptive and depends on the size of the screen. If the screen is smaller, the icon will show under the three dots. If the screen is large enough, the icons will show right next to the file like on your screenshot.


So does that mean the file I downloaded was the original, not sanitized file? 

Ahhhh, now I get it... holding the mouse over it shows that it is the original file - all clear now, Thanks!

 

Valeria,

 

I recieved my first sanitized message yesterday on a word document with links in it. I sent a pdf today of it, with no active links, and recieved the same message, but was able to send the document to the client through email. Today I sent a different document, also in word, with no edits, no links, no macros, and no active content, and recieved the same sanitized message. I do not have a different way to share the document with that client and it definitely should not have set off any alarms. It is frustrating and reflects badly on the work I've sent along.

 

What is the solution moving forward?

 

Thank  you

petra_r
Community Member


Erin C wrote:

 

What is the solution moving forward?


original file.jpg

AveryO
Community Manager
Community Manager

Hi Erin, 

Have you tried following the steps in Valeria, and Petra's post? If this option is not available for you, please let us know and our team will be happy to assist you further.


~ Avery
Upwork

I suppose the solution is to use non-Upwork methods of communication whenever possible. I've already switched over to email with all my regular clients. For proposals (and any other situations where I haven't yet switched to email) I'll start using Dropbox (or similar) instead of attachments.

erincrum
Community Member

It is files sent to the clients, not ones I need to download - I am sure they can download, but will have reservations of doing so. My concern is that they are simple word documents, and one in particular has nothing that would trigger a sanitized message - no links, edits, macros, or anything, so I can't figure out why the file would recieve that message

Hi all,

 

I searched for relevant threads on this, but most of what I found was older and didn't seem quite what I needed. 

 

I've been sharing Word doc (and .docx) files for years with clients without any trouble. Then, just last week, when I returned two files to a client (.docx), when they showed up in the message feed, they had the notation "This file was sanitized" underneath them. I opened them back up from the message stream, and they seemed fine, so I didn't worry about it. (I did click the "learn more" link, but there was nothing there that was super helpful or scary.) This particular client has a 10-year-old MacBook and he isn't very tech savvy, so I thought maybe the issue was with the way he was creating his docs. (I'm not super tech savvy either, LOL!) What was confusing, though, was that we'd been passing files back and forth for months without any sanitizing until last week.

 

Today, I sent a .doc file to a different client, and it too went through with the sanitized notation. It didn't come to me like that, and this was the first time I'd returned it to him. I don't know what to make of it.

 

Any thoughts? Any help? If so, I'd appreciate the input.

 

Thanks much,

Sharon

I just started see this "sanitized" notice in the past week to 10 days, so it must be a new "feature" Upwork has implemented.

 

Files I sent to or received from clients in the past usually survived the passage without a problem, though there was very occasionally a corruption created in a file that required the same file be sent via regular email.

 

I have no idea what the purpose or result of this new "sanitization" by Upwork will but, but I'd prefer that if it ain't broke they don't "fix" it.

I wanted to mention that I have been having trouble sending Excel files via Upwork chat recently. When the client opens the file, the pages are all jumbled and mirrored. They sent me screen shots and it is very weird indeed, and it makes me look unprofessional. 

 

Fortunatley I was able to send the files via email with no issues. 

 

Has anyone else been experiencing this issue?

 

 

It could be due to the new sanitized file thing. The client can download the original file by hovering right until they see a "download original file" button. Maybe that will help? 

Thanks Louisa, perhaps that is the issue. However, the customer did download the files (twice). Upwork should not be making clients jump through any hoops or take any extra steps to get the work they paid for. I hope this is a bug they are actively working on. 

Latest Articles
Featured Topics
Learning Paths