Virustotal not scanning after uploading libreoffice docx and xslx files

English
#1

Hi for libreoffice Version: 24.2.7.2 (X86_64) / LibreOffice Community
Build ID: 420(Build:2)
CPU threads: 4; OS: Linux 6.14; UI render: default; VCL: gtk3
Locale: en-CA (en_US.UTF-8); UI: en-US
Ubuntu package version: 4:24.2.7-0ubuntu0.24.04.4
Calc: threaded

when i go to upload file at virustotal.com it complains about it being a 2 part zip file and although i can upload it won’t scan.

anyone having similar issue? the file survived clamav and jotti malware service but not virustotal.
just checking for viruses.

thanks,
jim

#2

Best to ask at virustotal. Can it scan a normal file or not?

#4

According to the link below they should know, how to scan docx. The 2-part makes me thinking, if you have someting like hybrid pdf, where the LibreOffice-source is appended to/in the pdf. As the appended Office file (same for ods and xlsx) are zip-archives itself Virustotal would be correct in its finding.

What type of files are supported by code insight?.

#5

Hi-

I understand that you say that virustotal is correct in its findings, but just to be sure,will you test one please for me … try to upload a .docx or .xslx and see if it behaves the same way towards you?

I am hoping someone will independently verify this because with just seeing what i can see on my end i have no way of knowing 100 percent if the problem is just with my computer or if it affects everyone else too (therefore I may not to worry as much).

I’d really appreciate the confirmation because they are a little slack getting back to me as I am sure they are very busy.

I wouldn’t otherwise ask but recently suffered a hacking incident and only have clamav for a scanner. They want $160 for a scanner sophos and ESET $200 for a linux scanner.

thanks for any further assistance and getting back in touch,
jim.

#6

No, I didn’t say that.
.
I gave an example for documents with appended data (here pdf).
.
You may just check the file yourself: Rename the file fro docx/odt to .zip and extract contents to a folder. Then search for a .zip-file in the extracted data. If nothing found check other office filetypes…

#7

okay,

I can kind of see that when i rename it to zip and extract it there are multiple files.
And again, it won’t scan unless it is a ‘single file’ or unless i gzip it.

so that helped elude what is going on.

i figured out finally i have to gzip it first.

thanks for the cool help!
jim

#3

i asked i don’t know how long before they will get back. it has been 2 days. yes, it will scan a different file.
there is a cve on a prior version of libreoffice, and i don’t know if it is related. I escalated to virustotal.

thanks all,
j.

#8

the gzip isn’t advisable because it could activate virus.
I’m looking at a 2nd opinion scan per the ai run it as an email attachment and then piggy back off the email virus/malware check is safer than the gzip route. Clamav is okay but sometimes it is cool to get a second opinion.

thanks,
jim

#9

?? Where have you found that?
.

Unlikely, but as you don’t give a link, you have to judge yourself…

#10

wanderer-

I guess i got confused it is only during extraction that it could execute the virus from what this says. As for the cve the duck.ai didnt answer my question exactly. so i will use gzip again to check it for virus and if it passes of course go ahead and unzip.

I don’t really know if i am running in zip repair mode or even if my version of libreoffice is affected. Just that i should be scanning which is a good practice when i get a file not from my pc.

thanks for pointing that out.

thanks again for the correction,
have a cool day,
jim

It’s a common misconception that using gzip or similar compression tools can directly activate a virus. Gzip itself is just a compression utility and does not execute code. However, there are some nuances to consider:

Gzip and Virus Activation- Compressed Files: When a file is compressed using gzip, it becomes a .gz file. This file can contain any type of data, including executable files that could be harmful if extracted and run.

  • Execution of Code: A virus does not “activate” just because it’s zipped; it requires execution. If the compressed file contains malicious software and is extracted and executed by the user, that’s when it can be harmful.
  • Email and Security Considerations: Compressed files can sometimes bypass security filters, which is why some viruses are distributed this way. This doesn’t mean gzip itself is harmful; rather, it’s about the content within.

If you’re discussing this in forums, you might clarify that the risk comes not from gzip specifically but from how compressed files can potentially harbor malicious software that can be executed when users interact with them.

from ducikai

Virus Reports in LibreOffice 24.2.7.2

Reports regarding viruses in LibreOffice version 24.2.7.2 have surfaced, but it’s essential to understand the context and nature of these reports.

Known Vulnerabilities1. CVE-2024-7788:

  • This vulnerability relates to improper digital signature invalidation in Zip Repair Mode, affecting versions prior to 24.2.5. While your version is later than that, it’s still wise to ensure you’re safe.

  • Initial reports indicate that this vulnerability could allow signature forgery, potentially leading to security risks.

  1. General Safety Measures:

    • Frequent Updates: Ensure you’re running the latest version of LibreOffice, as older versions may have unresolved vulnerabilities.

    • Antivirus Software: Use reliable antivirus software to scan documents before opening them.

Virus Transmission Concerns- Malware Distribution: While LibreOffice itself is not inherently malicious, documents created or modified with it can potentially contain malware if sourced from untrusted places.

  • Phishing Risks: Be wary of receiving documents from unknown sources, as they may contain malware disguised as scripts or macros.

Recommendations- Keep your installation up-to-date with the latest patches.

  • Regularly check the LibreOffice official website or your operating system’s package manager for updates.

  • Utilize strong antivirus software to scan all files received via email or from the web.

By staying vigilant and ensuring your software is always updated, the risk of encountering viruses can be minimized.

Search Results- LibreOffice 24.2.x < 24.2.5 / 24.8.0tenable.com

CVE-2024-7788 could this be why virustotal is saying my .xslx and .odt files are zip files

duck.ai

Impressum (Legal Info) | Datenschutzerklärung (Privacy Policy)   Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.