
[Solved] Antivirus says a connection is infected by URL:Phishing

Posted: Wed Jan 25, 2023 9:09 pm
by keneso
Not sure if it's the right place to ask this, anyhow, this is the issue.

Lately when using OpenOffice the antivirus reports a threat:
to be safe I put (dot) instead of the . in the below link
"connection to aoo-pdf-import.apache-extras.org.codespot.com has been interrupted cause it is infected by URL:Phishing"
URL:
http://aoo-pdf-import(dot)apache-extras(dot)org(dot)codespot(dot)com/git/update/windows_x86-update(dot)xml
Process:
C:\Program Files (x86)\OpenOffice4\program\soffice.bin
Is the soffice.bin the infected file?
If yes do you think if I uninstall, and reinstall OpenOffice it'll fix it?

 Edit: Changed subject, was infection 
Make your post understandable by others 
-- MrProgrammer, forum moderator 

Re: Antivirus says a connection is infected by URL:Phishing

Posted: Wed Jan 25, 2023 10:32 pm
by Hagar Delest
Rather strange.
You can check the hash of the installation files before reinstalling. Have you downloaded it from the SourceForge servers?

Re: Antivirus says a connection is infected by URL:Phishing

Posted: Thu Jan 26, 2023 11:48 am
by keneso
Thank you.

I downloaded it years back from openoffice.org (following the download path), and the issue is recent (a month or so).
Running the antivirus on C:\Program Files (x86)\OpenOffice4 reports no infection, it's only when using OpenOffice that it notifies on a blocked threat.

Re: Antivirus says a connection is infected by URL:Phishing

Posted: Fri Feb 17, 2023 3:21 pm
by elfmmf
Having same problem. Just started within the past month. Have you tried reinstalling? I would like to know if that helped too!

Re: Antivirus says a connection is infected by URL:Phishing

Posted: Fri Feb 17, 2023 6:51 pm
by MrProgrammer
keneso wrote: Wed Jan 25, 2023 9:09 pm Is the soffice.bin the infected file?
Probably not. Let's say you use your web browser to open a page, say https://www.foo.bar. That page has a link to aoo-pdf-import.apache-extras.org.codespot.com. When you click on the link, your anti-virus software says that may be URL:Phishing. Why? The real site is codespot.org, not codespot.com. The page is trying to trick you to visit the wrong site. (My "links" in grey are not real and won't respond if clicked. Only the link in blue can be opened.)

What program (process) tried to open the site? Your web browser. But is your web browser infected? No, the page is infected.

You seem to have the same situation here. If you open a naughty Writer document with OpenOffice which contains a hyperlink to aoo-pdf-import.apache-extras.org.codespot.com and you click it, your anti-virus will issue a warning. Is OpenOffice infected? No, it's the document that's infected.

Or let's say you have a macro written for OpenOffice. The macro came from somewhere else, and is not part of the OpenOffice installation. If the naughty macro connects to aoo-pdf-import.apache-extras.org.codespot.com your anti-virus will issue a warning. Is OpenOffice infected? No, it's the macro that's infected.

It may be difficult for your anti-virus software to determine exactly what is infected — a web page, a Writer document, a macro — so it just reports the name of the program (process) that was running, which for you was soffice.bin.

keneso wrote: Wed Jan 25, 2023 9:09 pm Lately when using OpenOffice the antivirus reports a threat:
elfmmf wrote: Fri Feb 17, 2023 3:21 pm Having same problem.
Others reading this post will want to know exactly which anti-virus software you're using. Both of you. The difficulty may be specific to a particular anti-virus product.

keneso wrote: Thu Jan 26, 2023 11:48 am the issue is recent (a month or so)
elfmmf wrote: Fri Feb 17, 2023 3:21 pm Just started within the past month.
OK, your anti-virus product updated its diagnostic rules recently. Good anti-virus products update their rules often, perhaps even daily, as new threats emerge. The rules are dynamically loaded from the internet, not when the anti-virus software is installed or updated.

Hagar Delest wrote: Wed Jan 25, 2023 10:32 pm You can check the hash of the installation files before reinstalling. Have you downloaded it from the SourceForge servers?
Agreed. To be safe only download via the ⬇︎OpenOffice link at the bottom right of this page. For additional security, you can check the hash yourself as explained in the How to Verify the Download link inside the second box on that page.

keneso wrote: Wed Jan 25, 2023 9:09 pm do you think if I uninstall, and reinstall OpenOffice it'll fix it?
Not if the real culprit is a naughty document, macro, etc.
 Edit: 2023-03-08: Not if the real culprit is an obsolete non-OpenOffice extension
If this solved your problem please go to your first post, use the Edit button, and add [Solved] to the start of the Subject field. Select the green checkmark icon at the same time.
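
Added example, not part of the original posts and not code from the OpenOffice project: one way to do the installer hash check suggested above on Windows with PowerShell. The function name, the placeholder paths and the assumed layout of the checksum file (a hex digest, optionally followed by the file name) are assumptions.

```powershell
# Added example. Paths at the bottom are placeholders, not values from this thread.
function Test-InstallerChecksum {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [Parameter(Mandatory)] [string] $ChecksumPath
    )

    # Assumed checksum-file format: "<hex digest>  <file name>" (name optional,
    # possibly prefixed with "*"), taken from the first non-empty line.
    $line = Get-Content -LiteralPath $ChecksumPath |
        Where-Object { $_.Trim() } | Select-Object -First 1
    if ($line -notmatch '^\s*([0-9A-Fa-f]+)(?:\s+\*?(.+?))?\s*$') {
        throw "Unrecognised checksum line in $ChecksumPath"
    }
    $expected   = $Matches[1].ToUpperInvariant()
    $listedName = $Matches[2]

    # Pick the algorithm from the digest length so a SHA-256 value is never
    # compared against a SHA-512 computation (or the reverse).
    $algorithm = switch ($expected.Length) {
        64      { 'SHA256' }
        128     { 'SHA512' }
        default { throw "Unexpected digest length $($expected.Length)" }
    }

    # Refuse a checksum file that was published for a different download.
    $actualName = Split-Path -Leaf $InstallerPath
    if ($listedName -and $listedName -ne $actualName) {
        throw "Checksum file is for '$listedName', not '$actualName'"
    }

    $actual = (Get-FileHash -LiteralPath $InstallerPath -Algorithm $algorithm).Hash
    [pscustomobject]@{
        File      = $actualName
        Algorithm = $algorithm
        Expected  = $expected
        Actual    = $actual
        Match     = ($actual -eq $expected)
    }
}

# Placeholder paths: substitute the installer and checksum file you downloaded.
$result = Test-InstallerChecksum -InstallerPath '.\<installer>.exe' `
                                 -ChecksumPath  '.\<installer>.exe.sha256'
if (-not $result.Match) { Write-Warning 'Digest mismatch: do not run this installer.' }
$result
```

A matching digest only shows the installer is the file the checksum was published for, so take the checksum file from the official download page rather than from wherever the installer itself came from.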

Re: Antivirus says a connection is infected by URL:Phishing

Posted: Fri Feb 17, 2023 7:50 pm
by Mr.Dandy
Believing that free antiviruses are the panacea is nonsense :)