When signed PDF attachments are scanned by Symantec Messaging Gateway with the Disarm feature enabled for PDF files, the signature data is removed.

The signature information is stored in a section of the PDF file that is always removed by Disarm as a normal part of processing.

For PDF documents that are only signed and do not have any other Disarmable features, the PDF signature is removed but the document is otherwise not altered.

This is by design.

Note: "Disarm" and malware scanning are separate processes. Disabling "Disarm" will not prevent Messaging Gateway from scanning attachments for malware or viruses.