diff --git a/submissions/admin.py b/submissions/admin.py
index 55a74af1245328e21ae9bb82409b2fbceaa4dd42..76115dd30f042acbeceeaad76153650e3c440aeb 100644
--- a/submissions/admin.py
+++ b/submissions/admin.py
@@ -23,15 +23,7 @@ def submission_short_title(obj):
     return obj.submission.title[:30]
 
 
-class iThenticateReportAdmin(admin.ModelAdmin):
-    readonly_fields = ['doc_id']
-
-    def has_add_permission(self, request):
-        """ Don't add manually. This will gives conflict with the iThenticate db. """
-        return False
-
-
-admin.site.register(iThenticateReport, iThenticateReportAdmin)
+admin.site.register(iThenticateReport)
 
 
 class SubmissionAdminForm(forms.ModelForm):
diff --git a/submissions/forms.py b/submissions/forms.py
index ce3532d9453ba31a7d73cb908710dcf6c45e3e20..1381bff3e7e72b396fefbc536a7704cf791ccee2 100644
--- a/submissions/forms.py
+++ b/submissions/forms.py
@@ -1056,8 +1056,8 @@ class iThenticateReportForm(forms.ModelForm):
                 cleaned_data['document'] = helpers.retrieve_pdf_from_arxiv(
                     self.submission.arxiv_identifier_w_vn_nr)
             except exceptions.ArxivPDFNotFound:
-                self.add_error(None, ('The pdf could not be found at arXiv.'
-                                      ' Please upload the pdf manually.'))
+                self.add_error(
+                    None, 'The pdf could not be found at arXiv. Please upload the pdf manually.')
                 self.fields['file'] = forms.FileField()
         elif not doc_id and cleaned_data.get('file'):
             cleaned_data['document'] = cleaned_data['file'].read()
@@ -1073,7 +1073,17 @@ class iThenticateReportForm(forms.ModelForm):
         # Document (id) is found
         if cleaned_data.get('document'):
             self.document = cleaned_data['document']
-            self.response = self.call_ithenticate()
+            try:
+                self.response = self.call_ithenticate()
+            except AttributeError:
+                if not self.fields.get('file'):
+                    # The document is invalid.
+                    self.add_error(None, ('A valid pdf could not be found at arXiv.'
+                                          ' Please upload the pdf manually.'))
+                else:
+                    self.add_error(None, ('The uploaded file is not valid.'
+                                          ' Please upload a valid pdf.'))
+                self.fields['file'] = forms.FileField()
         elif hasattr(self, 'document_id'):
             self.response = self.call_ithenticate()
 
diff --git a/submissions/views.py b/submissions/views.py
index d92b18082a9292f7036d370f8b2184c69ddd2e52..72b48946933cf11a1aa12fc494ef185061bddd08 100644
--- a/submissions/views.py
+++ b/submissions/views.py
@@ -261,9 +261,14 @@ def submission_detail(request, arxiv_identifier_w_vn_nr):
 
 def report_attachment(request, arxiv_identifier_w_vn_nr, report_nr):
     """Download the attachment of a Report if available."""
-    report = get_object_or_404(Report.objects.accepted(),
-                               submission__arxiv_identifier_w_vn_nr=arxiv_identifier_w_vn_nr,
-                               file_attachment__isnull=False, report_nr=report_nr)
+    report = get_object_or_404(
+        Report, submission__arxiv_identifier_w_vn_nr=arxiv_identifier_w_vn_nr,
+        file_attachment__isnull=False, report_nr=report_nr)
+    if not report.is_vetted:
+        # Only Admins and EICs are allowed to see non-vetted Report attachments.
+        if not Submission.objects.filter_for_eic(
+            request.user).filter(arxiv_identifier_w_vn_nr=arxiv_identifier_w_vn_nr).exists():
+            raise Http404
     response = HttpResponse(report.file_attachment.read(), content_type='application/pdf')
     filename = '{}_report_attachment-{}.pdf'.format(
         report.submission.arxiv_identifier_w_vn_nr,