incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: [ANNOUNCEMENT] Apache OpenOffice 3.4.1 (incubating) released
Date Fri, 24 Aug 2012 18:26:53 GMT
On Fri, Aug 24, 2012 at 10:52 AM, Rory O'Farrell <ofarrwrk@iol.ie> wrote:
> On Fri, 24 Aug 2012 10:44:34 -0400
> Rob Weir <robweir@apache.org> wrote:
>
>> On Thu, Aug 23, 2012 at 6:43 PM, Rory O'Farrell <ofarrwrk@iol.ie> wrote:
>> > On Thu, 23 Aug 2012 18:29:57 -0400
>> > "Maurice Howe" <maurice@stny.rr.com> wrote:
>> >
>> >> I use AVG 2012.0.2180 Free Edition
>> >>
>> > I installed AOO 3.4.1 on one of my Windows machines today and AVG didn't complain.
 I'll check in detail tomorrow when the machine is awake - near midnight here and I'm closing
down. It is often the case that new OpenOffice releases trigger false positives from virus
scanners.
>> >  --
>>
>> I put AVG free version on an XP VM, updated virus signatures,
>> installed AOO 3.4.1 Windows en-US from the website and did a full
>> scan.  No issues reported.
>>
>> So if Maurice was indeed getting an AV hit, that suggests he might
>> actually have something, either preexisting on his machine, or from
>> downloading AOO from another website.  If it were really a false
>> positive, wouldn't we be seeing it as well?
>>
>> -Rob
>>
>> > Rory O'Farrell <ofarrwrk@iol.
>>
>
> I'm sure we would all be seeing a warning if there was an intrinsic problem in the compiled
code.  Normal reaction from Volunteers on en-Forum is that a virus/malware warning on a new
release of OpenOffice from the approved download sites is a false positive and I think so
it has always proved; with the transition to Apache special care is needed until the AOO releases
become well established, lest there be adverse publicity/comment.
>
> It would be helpful if Maurice could tell us the URL of the download site, the actual
file name and size.
>

I finally found the image attachment that Maurice sent out originally.
 It said of the download, it "is not commonly downloaded and could
harm your computer'".

So this was not a false negative but part of the "reputation-based"
mechanisms that AV's are starting to use.  They look at a variety
factors, including the age of the EXE and how many other users have
installed it.  If the program is new and not well known, then you will
get warnings like this.  The warnings go away over time.  The only way
to prevent them initially is to have your code be signed, or to
whitelist your hashes in advance with the AV vendor.

-Rob


> --
> Rory O'Farrell <ofarrwrk@iol.ie>

Mime
View raw message