Hey everyone, Tobin (at Updox) here. It's been a while since I've been out here, but I wanted to jump in today to provide a little more information. Hopefully, I can fill in a few gaps, although I can't provide the 100% complete picture.

Odd from/to labelling
Dr Carcamo mentioned he is using Updox Central to upload PDF files that his fax server has generated. Updox Central can watch 2 separate folders for auto-uploading files into Updox. They both work exactly the same way, except files in 1 folder will show in Updox as "file" and the other will show in Updox as "fax". This is purely for convenience, so users can easily tell which items came in on their fax server (Dr Carcamo's use case is exactly the reason we built this feature). But this is why his faxes are showing up from "South Texas Surgeons" to "South Texas Surgeons": Updox Central always uploads items from the practice to the practice, because it doesn't have any more information. It doesn't know the actual fax number it came from (or was sent to); it just knows what practice it is connected to.

PDF files
While PDF files may be received via email, or uploaded by Updox Central, or manually dragged-and-dropped into Updox, Updox never actually presents these PDF files to the user. On our server, we process and break the PDF into its individual pages and store those pages as PNG files. Those PNG files are the images you see in Updox, both in the desktop client and the web app. The actual PDF is never transmitted/displayed anywhere. If a user imports something into Amazing Charts, we actually take those PNG images and build a new PDF out of them. So, even if a dangerous PDF makes its way into Updox, it is immediately neutralized and 1 of 2 things happens: either the PDF is so badly malformed that we can't even turn it into images and you would see nothing in Updox, or we would turn the PDF into one or more PNG images and you could view them in Updox, but there would be no risk as PNG files are not a possible vector for a ransomware attack.

Weird Java files
I believe the 2 weird Java files are indeed, as mczdsm above postulated, the result of the ransomware encrypting files on the server and Updox Central uploading the resulting encrypted files. We see 1 of these files labeled as an "upload" and 1 of them as a "fax" (mirroring the Updox Central auto-upload capability) and while Updox Central knows it is not supposed to upload the Thumbs.db files that Windows creates, when the ransomware encrypted the 2 Thumbs.db files in the 2 upload folders and changed their names, Central happily uploaded them. I looked at the files and they are clearly encrypted files; I don't think that they are anything that represents a risk. Even if someone tried to download them and double-clicked on them, your computers would have no idea what to do with them.

Virus scanning
Updox does do virus scanning on inbound email attachments.

And finally...
All that being said, it's wise to treat Updox like you'd treat Gmail, especially if you're receiving email in Updox. You probably don't need to download and run something that somebody emailed you in Updox and told you to double-click on. Treat external links in email carefully. You know the drill, be smart out there. :)

I hope this helps answer some of the questions. I'm not usually out here on the forums these days, but I'll keep an eye on this thread for a day or two.

Tobin
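
The Thumbs.db case in the post above shows a skip rule keyed on file name being bypassed once the file is renamed. As an added example (not part of the original post and not Updox's code), the Python below compares that name rule with a content check that accepts only files beginning with the PDF header, and reports byte entropy as a signal that a file in the watched folder has been encrypted. It assumes the watched folders should hold only PDFs; the function names, the `.locked` suffix and all sample bytes are constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

SKIP_NAMES = {"thumbs.db"}   # name denylist, like the Thumbs.db rule in the post
PDF_MAGIC = b"%PDF-"         # header that opens every PDF file

def name_rule_allows(filename):
    """Denylist by name only: anything not called Thumbs.db is uploaded."""
    return filename.lower() not in SKIP_NAMES

def entropy_bits_per_byte(data):
    """Shannon entropy; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def content_rule_allows(head):
    """Allowlist by content: upload only data that begins with the PDF header."""
    return head.startswith(PDF_MAGIC)

def triage(folder):
    """Map each file name to (name_rule, content_rule, entropy of first 4 KiB)."""
    report = {}
    for name in sorted(os.listdir(folder)):
        with open(os.path.join(folder, name), "rb") as fh:
            head = fh.read(4096)
        report[name] = (name_rule_allows(name), content_rule_allows(head),
                        round(entropy_bits_per_byte(head), 2))
    return report

def build_demo_folder():
    """Constructed sample files; the '.locked' suffix is a made-up rename."""
    folder = tempfile.mkdtemp()
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"fax_0001.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
               "Thumbs.db": b"\xd0\xcf\x11\xe0" + b"\x00" * 508,  # constructed bytes
               "Thumbs.db.locked": noise}  # stands in for an encrypted, renamed file
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return folder

if __name__ == "__main__":
    for name, verdict in triage(build_demo_folder()).items():
        print(name, verdict)
```

The renamed file passes the name rule but fails the content rule, and its near-8.0 entropy is the kind of value worth alerting on when it appears in a folder that normally holds fax PDFs.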