Ubuntu
openoffice.org package

Open Office file containing virus

Asked by James Whalley

I am using Ubuntu with a desktop computer. I have just sent somebody an email with an Open Office wordprocessor file attached to it. This is a file which I created myself in the wordprocessor. They tell me that they cannot open the file because it contains a virus. Is it possible that my wordprocessor contains a virus? What can I do about it?
Thank you for any help.

James

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openoffice.org Edit question
Assignee:
No assignee Edit question
Solved by:
Patrick M
Solved:
Last query:
Last reply:
Revision history for this message
mycae (mycae) said : 		#1

>This is a file which I created myself in the wordprocessor. They tell me that they cannot open the file because it contains a
>virus. Is it possible that my wordprocessor contains a virus? What can I do about it?

It is extremely unlikely that your ubuntu installation contains a virus if you have only installed software from the default repositories. This would be a first.

Several questions
1) what file format did you send it in? ODF? DOC? DOCX?
2) Do you have any macro code in the document?
3) Do you have any links to external webpages or other external links in the document?

---

The more likely scenario than a virus on your machine (I consider this near-impossible due to the digitally signed repositories that are shipped with ubuntu, provided you checked the MD5 of the ISO before you installed) is that the other users' computer has either detected:
1) macro content in the document (did you make any macros)
2) misidentified the fact that ODF is a compressed format as being a virus - i.e. a false positive.
3) if you compressed the file before sending it, the AV software has miscontrued this double layer of compression as an attempt at hiding malicious code

if (2) I would suggest that you tell the other person to update their av software, as it is most likely that this is a false positive in their software. This may have been fixed in an update.

If their software is up-to-date, they should contact their AV vendor, as the AV software is buggy.

If (1), remove any macros from the document before resending.

A more pragmatic point of view, if the other user is a business user, have them contact their IT dept for assistance. If you need to send the document urgently, consider sending it as plain text inside the email, rather than as an attachment.

AV software continues to have problems in correctly classifying malicious code and plain data. This is because the task is near impossible, and AV companies have a strong conflict of interest to not tell you this:
https://secure.wikimedia.org/wikipedia/en/wiki/Antivirus#Issues_of_concern

Revision history for this message
James Whalley (whalleymj) said : 		#2

Thank you. This is very helpful, and I'll tell my correspondent about the possible AV problem. The file is actually .ODT, a plain text file with no macros (at least, I didn't create any), and I've tried copying it into an email, but apparently this doesn't work (there is no 'paste' option when I try it). Is this because I'm using a webmail provider?

James

Revision history for this message
Best Patrick M (prmillius) said : 		#3

You might try sending the document as something other than.odt file format. Some antivirus programs don't recognize the format, and therefore by default assume the file to be a malicious script. You can either export the file as PDF from libre office or save it directly a a .doc file.

Revision history for this message
James Whalley (whalleymj) said : 		#4

Thank you. I sent it as a PDF file and that worked.