Note that he said that he would first save it in OO's native format. I would be surprised if the virus could survive this. Claus

While I'd say it might depend on the virus and where it was written and how, I'd have to say that I would assume the virus would still exist. Just because you rename a file doesn't change what is in the file. If the virus code happened to get in the way of star office or whatever you were using then they might perhaps remove the code but its unlikely as they would most like complain about having an invalid file if they detected a problem somewhere.

Naming the file back would just again change the name and the binary information inside the file would still exist. I'm not that knowledgeable about Word macro viruses so I can't be of much more help.

Sorry,

glenn

-- Claus Wilke Keck Graduate Institute, 535 Watson Drive, Claremont CA 91711 Tel.: 909 607 0139, Fax: 909 607 9826 wilke@kgi.edu

On Thu, 2004-07-22 at 16:00, Glenn Hancock wrote:

...

Would the virus still exist in the file? If so how? Are there ways to use OO to eradicate document viruses?

While I'd say it might depend on the virus and where it was written and how, I'd have to say that I would assume the virus would still exist. Just because you rename a file doesn't change what is in the file. If the virus code happened to get in the way of star office or whatever you were using then they might perhaps remove the code but its unlikely as they would most like complain about having an invalid file if they detected a problem somewhere.

Naming the file back would just again change the name and the binary information inside the file would still exist. I'm not that knowledgeable about Word macro viruses so I can't be of much more help.

I think this depends on how embedded the virus is, and what kind of filtering happens on importing the file from MS. Problem is like you I'm in the dark on this one. I'd assume an import, clean up any bad looking sections of file, save native format, exit OOo, reenter OOo open, export would probably help. OTOH one could virus scan it with FOSS tools. Mike -- thinking this is the hard way of riding .DOC files of virii

Alexandr Malusek wrote:

Philipp Thomas writes:

...

The only possible viruses in a document would be macro viruses and AFAIK OOo doesn't convert macros.

A multimedia file may cause a buffer overflow which can be used to activate a virus embedded there. In this case, the virus would survive the conversion from MS-Word to OOo and back since multimedia files (JPEG images, sounds, ...) included in office documents are not converted.

Holes in image processing libraries were reported but I've never heard about a virus which uses them so this possibility is rather theoretical.

-- A.M.

As mentioned here before, I've had one experience of an infected word document which would not open under Linux and StarOffice 5.2. It has been reported once that someone noticed that a worm would affect Wine/crossover, I also experienced a case where worms in Lotus Notes emails under crossover had queued up to mail everyone in my address book, what made me curious was that opening those mails was very slow, I was able to kill the outgoing mail and delete the problem emails. Whenever I do a new install, I get libsafe installed globally to stop buffer overflows from doing their nasties. Every binary has a LD_PRELOAD of libsafe, e.g:- barrabas:/usr/src/linux-2.6.8-rc2 # ldd /usr/bin/grep /lib/libsafe.so.2 => /lib/libsafe.so.2 (0x40019000) linux-gate.so.1 => (0xffffe000) libc.so.6 => /lib/tls/libc.so.6 (0x40040000) libdl.so.2 => /lib/libdl.so.2 (0x40155000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) SuSE 9.1 and Mandrake 10.0 currently. Connectiva has libsafe by default. SuSE's reaction to the first version of libsafe was not favourable, the then reason given was that it did not stop all buffer overflows and format strings, but I thought that some protection was better than none. Later versions included many improvements and seem more worthy of inclusion than the likes of subfs. Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer =====LINUX ONLY USED HERE=====

"Hylton Conacher (ZR1HPC)" [Sat, 24 Jul 2004 17:00:21 +0200]:

but does that mean they are rendered in-operable on a windows machine if saved twice ie to OO.org and then again to M$ format before being emailed to a M$ user?

Now that's a question I can't answer. I'd say, just test it yourself :) Write a simple Word macro, attach that to a document and see if it survives the transition word->OO.org->word. Philipp