Art Alexion on 8 Dec 2005 13:40:29 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] OpenOffice 2 (1.9 beta) bug?


I want to confirm this before I report it, but it is serious if it is true.

I was doing a virus scan on a samba connected windows machine and found
some old virus-infected word documents (word 6 format, if it matters). 
The virus scanner provided by my ISP is produced by Computer Associates,
and detects infected files in zip archives, but is incapable of cleaning
them.  Not wanting to play with them in the vulnerable windows
environment, I extracted them from Linux using ark.  Then, I opened them
with oo2 (1.9 beta) and saved them as odt files in the original windows
directory, expecting that this would strip the virus code.  Then, I
saved them again as [97/2000/xp] docs (again, in the same directory),
expecting to overwrite the infected copy.  Problems noted:

   1. When opening in oo2, only one in four files prompted oo2's warning
that the file might contain macros.
   2. When saving the files, I got no overwrite warning/confirmation
request.
   3. When I checked the file dates in konqueror, they still had the
time of extraction, not the time of creation.  (which in itself was odd
as I would have expected the original date stamp from the ones in the
archive)  Refreshing the Konqueror view did not change dates.

I used oo2's "Save as..." not "Export..." command.

Everything was done over Samba.

The partition where the files were located is FAT32, not NTFS.

A side question, I suppose is whether my original plan would have been
effective, i.e., would saving them as OpenDocument text files rather
than OpenDocument templates strip out the macro code in which the virus
was written?


-- 

_______________________________________
Art Alexion
Arthur S. Alexion LLC

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
The attachment -- signature.asc -- is my electronic signature; no need for alarm.
Info @ http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html

Key for signed PDFs available at
http://mysite.verizon.net/art.alexion/encryption/ArthurSAlexion.p7c
The validation string is TTJY-ZILJ-BJJG.
________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug