Everyone opens an attachment without thinking, simply because it's the fastest way to view a document. We receive a PDF by email, a Word file on WhatsAppImagine an image on Telegram… and you immediately open it, assuming it's just ordinary content. However, some formats can load remote elements, execute macros, or exploit software vulnerabilities as soon as they're opened. This risk is a daily reality for many professionals who handle documents from sources they can't always verify. In this context, having a simple way to neutralize a file before opening it becomes a crucial security measure. That's precisely what Dangerzone does.
How does Dangerzone compare to an antivirus program?
Dangerzone presents itself as a "virtual photocopier." It takes a potentially dangerous document and recreates a sanitized version, similar to printing followed by scanning. This seemingly simple principle is based on solid technical work, designed from the outset to meet the needs of journalists and professionals who must handle files from unknown sources. The project was initiated by Micah Lee and is now maintained by the Freedom of the Press Foundation. It is entirely open source, licensed under AGPLv3, and available on Windows, macOS, and Linux.
Unlike a antivirusDangerzone is not looking to identify malwareIt simply eliminates any active part of the file. Where an antivirus program must recognize a threat to block it, Dangerzone removes the problem at its source by reconstructing a purely visual PDF. This approach even bypasses unknown malware or malware designed to exploit zero-day vulnerabilities.
The site emphasizes that all processing is done locally, without any transfer to a server. This is a crucial point, as the documents handled may contain sensitive information, or even metadata capable of identifying a source. Dangerzone also neutralizes this type of element, since it only preserves the document's appearance, and not its internal structure.
How does Dangerzone secure a document?
Dangerzone's strength lies in its isolated execution environment. When a file is processed, the application creates a Linux container using Docker Desktop. Inside, it launches a gVisor sandbox, which intercepts and filters system calls. This double layer of isolation prevents the document, even a malicious one, from accessing the network, system files, or the computer's kernel. The container cannot see, communicate, or modify anything. Once the conversion is complete, it is simply destroyed.
The process follows a precise pipeline. Dangerzone begins by opening the file in the sandbox. Depending on the format, it uses LibreOffice (for Word, Excel, PowerPoint, or ODF documents) or PyMuPDF (for PDFs and images). The goal is to obtain a basic PDF. This PDF is then sliced page by page and converted to RGB pixels. At this stage, there are no macros, no scripts, no active elements; just a visual representation of the document.
The process in the sandbox ends here. The pixel data is sent outside, where Dangerzone reconstructs a compressed PDF. An option allows adding an OCR layer to make the text selectable or searchable. The final file is named safefilename.pdf, and the original is archived to prevent accidental opening.
This method works with over twenty formats: PDF, DOC/DOCX, XLS/XLSX, PPT/PPTX, ODT, ODS, ODP, JPG, PNG, GIF, SVG, TIFF, BMP, and even EPUB. This covers the vast majority of documents received daily in a professional or personal environment.
Dangerzone's limitations: what it doesn't do (and what you need to know)
Dangerzone provides a useful layer of security, but the tool has several important limitations that should be noted:
- No online version; the application must be installed locally.
- Docker is mandatory, which may deter novice users.
- Large disk space required, as the tool downloads system images of several gigabytes.
- Limited formats, no support for ZIP, video or audio files
- Metadata not being retained, which can pose a problem in a legal or digital investigation context
- Visual markers are still present, such as printer dots or certain steganography techniques.
- No protection against vulnerabilities related to system previews, such as thumbnails generated by the OS.
- A targeted attack is still possible, although it would require bypassing several successive layers of protection.
The tool itself is interesting, but the need to download Docker (480 MB) and Dangerzone (780 MB) remains somewhat inconvenient. Of course, these tools will take up a bit more space once installed.
Article updated on December 21, 2025 by Byothe
