LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Libre Office fake macros (https://www.linuxquestions.org/questions/linux-newbie-8/libre-office-fake-macros-4175619521/)

AlaricWood 12-13-2017 02:09 PM

Libre Office fake macros
 
I don't know if this is a suitable place for this. I have a custom built computer on a gigabyte mother board with an intel i7 chip, 8 gbs ram and 1 tb hard drive. I run Debian 9.

I ran a scan on clam and it came up with 93 Libre Office macros as possible threats. Research took me to what I think was a Ubuntu forum which classed them as false positives. The answer said they were probably Windows viruses, they couldn't affect my machine, I should ignore them as it was up to Windows users to protect their machines. I am not an expert and I hesitate to quarrel with more competent people but that seems to me to be irresponsible. I am secretary of two bodies, I regularly create Libre Office files in .doc format to distribute to my members and I don't think I ought to take any risk of my computer being used to propagate dangerous material either on Linux or Windows.

A careful look at the files showed that at least one was almost certainly a trojan and several were phishing scams. I can't send copies here as they looked so dangerous to me that I immediately deleted them.

My main concern is how 93 macros got installed on my machine without my knowing about it. My firewall is set to deny incoming messages and allow only outgoing. I regularly upgrade using apt-get. I cannot find any setting in Libre Office which authorizes automatic updates.

I use Thunderbird which always shows the full address of senders so it is easy to check if the message is valid or is taking the bank's name in vain. It is so long since I used any other email client that I don't know if this is a feature of Thunderbird only.

If this is not an appropriate forum should I try Libre Office which I don't usually find very helpful.

Regards,

Alaric

MensaWater 12-13-2017 02:19 PM

Saying it is a Windows virus and you shouldn't worry about it does sound like very bad advice to me. Even if it doesn't affect your Linux system there is no reason you should keep it there and risk it someday being sent to someone who does run Windows.

Saying it is a false positive is a different thing. False positive means it was detected as a virus even though it isn't. This does happen because some virus definitions trip on things they don't recognize and haven't been updated to mark as OK.

I would think doc Macros if they work in LibreOffice would be just as dangerous as they would be in MS Word. I don't know enough about LibreOffice to say whether it would run such macros or not.

You can easily get infected by opening a document that has infected macros. Many editors (including MS Word) won't run macros until you enable them but again I don't know if LibreOffice has such a setting.

frankbell 12-13-2017 07:53 PM

LibreOffice and OpenOffice cannot run MSOffice macros, as they are written in Visual Basic, which is an MS thing.

If OP has documents which contain MSOffice macros on a Linux system, I can easily see their being flagged as potential malware. I don't know for certain whether this is the case and I have no documents contains MSOffice macros to test.

This article contains more: https://www.howtogeek.com/171993/mac...-be-dangerous/

Furthermore, there are such things a malicious macros in the MSOffice word. MSOffice macros are a known, but I think relatively minor, vector for malware.

ondoho 12-14-2017 12:53 AM

if the macros are part of the actual LO install, i wouldn't worry about it.

DavidMcCann 12-14-2017 11:26 AM

LibrOffice macros are XML files, so you can look at them in an editor and verify that they are the genuine article. You've already done that so, as you say, the question is where did they come from? Obviously not from updating LO, if they aren't LO macros. The only explanation I can think of is that you got some infected .doc file(s) from someone at some stage.


All times are GMT -5. The time now is 01:31 PM.