You are here

Broken Tar in Open Office, Will it Work ? BIG delay to Antivirus.

19 posts / 0 new
Last post
Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
Broken Tar in Open Office, Will it Work ? BIG delay to Antivirus.

I downloaded 2.3.1 Rv 2 from default Amsterdam Mirror
After 100% download completion, NOD32 Version 2.7 took 20 Minutes to scan before it allowed me to touch it.
A subsequent scan (launched via context menu) took 997 Seconds, and log includes
OpenOffice_Portable_2.3.1_Rev_2_en-us.paf.exe »NSIS »testtar.tar »TAR - archive damaged.

I downloaded from Kent (UK) Mirror with the same delays and complaints.
Binary comparison by AptDiff found no differences between the two downloads.

I executed this installer. No errors were reported. I launched both "Writer Portable" and "Calc Portable" without apparent fault - but I would like assurance it is not broken before I risk any valuable documents with it.

I am using Windows XP with SP2, and Firefox 2.0.0.11

1. Is the tar broken, or can I expect it to work ?

2. If ESET NOD32 is WRONG when it says the TAR is damaged, it might help your other users if their mistake can be corrected, OR IF you can tweak the order of packing etc or whatever it is that causes their mistake.

3. I decided to download the earlier 2.3.1 prior to Rv 2 BUT CANNOT FIND WHERE IT IS. If you could give me a link for this earlier version I will try that and follow up with the small "Rv 2" patch file.

Regards
Alan_B

Simeon
Simeon's picture
Offline
Last seen: 10 years 3 weeks ago
DeveloperTranslator
Joined: 2006-09-25 15:15
MD5Sum?

Did you check the MD5Sum of the downloaded files?
That shows you immediately if you have a corrupt file.
And the old Open Office is here. It had its own Project so its harder to find.

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
Thank you Simeon. After a

Thank you Simeon.

After a few false starts your link got me to the desired file and it is 4 MBytes smaller than the latest. Looking Good.

ESET NOD32 again locked up the whole system for 20 minutes at the end of the download, and it then released the file for my use. No threats found.

Is there actually a TAR that could be damaged, or has ESET NOD32 wrongly interpreted a particular code byte sequence as being the start of a TAR ?

I full expect that ESET will complain of a broken TAR when I use the context menu to launch a full scan - BUT bedtime was half an hour ago so I wont try this till tomorrow !!!

I have not checked the MD5Sum. I have just looked up how to do it will install into Firefox Tomorrow - but I am now sure that ESET NOD32 was wrong.

Many Thanks
Alan Borer.

Simeon
Simeon's picture
Offline
Last seen: 10 years 3 weeks ago
DeveloperTranslator
Joined: 2006-09-25 15:15
Glad I could help

There are some tar.gz files in my installed version but no "testtar.tar". I hope/think that it was just the corrupt installer giving a false alarm.

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
Simeon 1. I should have

Simeon

1. I should have gone to bed at bedtime last night -
the earlier file OpenOffice_Portable_2.3.1_en-us.paf.exe is only 4 KBytes smaller than the later OpenOffice_Portable_2.3.1_Rev_2_en-us.paf.exe - not 4 MBytes I stated.

2. I have downloaded MD5Sum.exe and can use it as a DOS command.
I have seen a reference to a Firefox extension that did the job nicely, but is no longer compatible.
How do you recommend me to incorporate MD5Sum validation for the future ?

3. ESET NOD32 Antivirus is having a hard day with Open Office :-
OpenOffice_Portable_2.3.1_Rev_2_en-us.paf.exe »NSIS »testtar.tar »TAR - archive damaged
Number of scanned files: 52446
Number of threats found: 0

OpenOffice_Portable_2.3.1_en-us.paf.exe »NSIS »testtar.tar »TAR - archive damaged
Number of scanned files: 52446
Number of threats found: 0

OOo_2.3.1_Win32Intel_install_wJRE_en-US.exe »NSIS »openofficeorg4.cab »CAB »testtar.tar »TAR - archive damaged
Number of scanned files: 52849
Number of threats found: 0

Three different files, each of which is reported to have the same damaged TAR.
A context Menu invoked scan took 10 to 16 minutes for each file.
Additionally, the first two different Portable variants were locked up for 20 minutes after Download completion before ESET released them. I think however the NON-Portable third file flew in under the Radar, and its download completed instantly.

I do not know if testtar.tar exists in your Portable versions, but it does exist in the NON-Portable, and suggest you look at whether it has been buried away in part of what you incorporated.

As per a separate posting last night, I mistakenly did "Check for Updates" from my new to me (but obsolete) Portable OpenOffice, and that created havoc by downloading the NON_Portable version. Before I realised what it was I ran the download and directed it to my external Hard Drive H:\. It then created
H:\OpenOffice.org 2.3 Installation Files\ with lots of sub-folders
Windows Explorer finds
H:\OpenOffice.org 2.3 Installation Files\openofficeorg4.cab
And Power Archiver finds
testtar.tar 112,640 ? 17/08/2007 21:42

4. The very first file I downloaded from this family was
H:\PortableApps_Suite_Standard_1.0.exe
This downloaded without delay, furthermore a context menu scan result is :-
PortableApps_Suite_Standard_1.0.exe
Number of scanned files: 1
Number of threats found: 0
And that scan took less than 1 Second, not 10 or more minutes.

Somehow the PortableApps_Suite_Standard has incorporated Open Office, plus other utilities etc., and managed to stealth the whole shooting match against ESET,
like a Star Wars Yoda "The Virus you Seek is Not Here" !!!
It would be nice if you could stealth OpenOffice Portable so that ESET only sees one file, instead of 52446 potential virus carriers to scrutinise for 20 minutes.
Another voice in my head is asking if I should sleep at nights with an antivirus that ignores the possibility of over 50000 virus carrying files in the Portable Suite.

I am off to bed now, whether I get to sleep or obsess about AntiVirus is out of my control !!!

Regards
Alan

John T. Haller
John T. Haller's picture
Online
Last seen: 4 min 8 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
TAR

If there's a 'damaged' tar in OpenOffice.org, it'll be in OpenOffice.org Portable as well... nothing we can do about that. We don't modify those files within OpenOffice.org when we package it.

As for the speed of your antivirus, have you tried other AV programs? It could be that not handling unexpected TARs is an issue with yours you should take up with the publisher.

Sometimes, the impossible can become possible, if you're awesome!

cwinebrinner
Offline
Last seen: 16 years 9 months ago
Joined: 2008-01-15 22:55
Different results

I also have NOD32 v2.7. When I scan the OpenOffice PAF, it only takes a little over a minute, but I do see the corrupted testtar.tar file you're referring to. I've come across corrupted tars in the past and NOD32 has never choked on them, so I don't really believe the tar has anything to do with your speed issues. Additionally, the file is indeed present within the portable version. It's tucked away in "\PortableApps\OpenOfficePortable\App\openoffice\program\python-core-2.3.4\lib\test". 7-Zip confirms that the file is corrupt. I'm fairly certain that the file could be removed from the PAF without incidence if it is indeed causing any problems, which again, I don't think the tar has anything to do with your scan speed. If you open up the tar in a text editor, you'll see that it simply contains a "Python Enhancement Proposals" document.

Jimbo
Offline
Last seen: 4 years 9 months ago
Joined: 2007-12-17 05:43
Actually, the tar is well formed

and any apps that are unable to read it need to have a report sent in to their respective authors, and be fixed.

scooby $ file ../testtar.tar
../testtar.tar: POSIX tar archive (GNU)

scooby $ tar xvf ../testtar.tar
0-REGTYPE
0-REGTYPE-TEXT
0-REGTYPE-VEEEERY_LONG_NAME_____________________________________________________________________________________________________________________155
1-LNKTYPE
2-SYMTYPE
3-CHRTYPE
5-DIRTYPE/
6-FIFOTYPE
S-SPARSE
S-SPARSE-WITH-NULLS

It is a deliberately nasty tarball, that includes many awkward file types, basically for compliance testing of untar code, but the above copy/paste is what the GNU tar program makes of it, without errors...

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
O.K. I will accept that it

O.K. I will accept that it is NOT a damaged TAR, but one that deliberately tests the capabilities of anything that tries to scrutinise its contents.

Does it have to be so cruel ?

PowerArchiver 2007 reports that
testtar.tar 112,640 ? 17/08/2007 21:42
I do not know what the "?" means, but it seems to mark everything with "?"
AND YET when I extract, all I get are
52053 Bytes in 8 files plus one empty folder
That suggested to me that 112640 - 52053 = 60587 bytes have gone missing !!!

I was surprised that PowerArchiver failed to comment upon a glaring error,
and was beginning to think I should replace PowerArchiver with 7-Zip which does detect and report a problem.

A 60587 byte discrepancy fooled me into thinking the TAR was broken,
so I cannot criticise ESET or 7-Zip for the same mistake.

As a real time (NOT Windows) Software Engineer I delight in testing to the limit to cover every possibility, but if specification compliance required that untar code should accept a 60587 byte discrepancy - would it not have been better to instead change the specification to stipulate that the header (or whatever holds the number 112640) should accurately indicate the total contents (i.e. 52053) ?
I do not intend to be critical - just wanting to learn.

Regards
Alan

Jimbo
Offline
Last seen: 4 years 9 months ago
Joined: 2007-12-17 05:43
That's part of the evil of the test

The fundamental problem is that the objects in the tarball are not all files, there are both symbolic and hard links, as well as character special devices, FIFO specials, and sparse files.

Some of those are not actually supported on FAT or NTFS file systems, so cannot actually be extracted correctly.

Still, it would be nice if PowerArchiver reported a warning that it was unable to extract the 'files', just as it would be nice if 7-zip only warned you instead of claiming the file was broken because it was unable to handle it.

So, in essence, both of them handled it sensibly, for some definitions of sensible Wink , but in a windows environment, anything trying to handle that particular tarball is caught between a rock and a hard place.

The 60k discrepancy looks like the nulled-out sparse file at 49152 bytes, plus the two links, at 3765 bytes each, approximately, plus or minus however they handle the two device files.

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
Jimbo Thank you for your

Jimbo

Thank you for your explanation.
For years I have known of tarballs, and that Open Source developers used them, and I thought they were just a more efficient way of zipping files into a package.
I had not realised they held anything other than files.

Alan

Jimbo
Offline
Last seen: 4 years 9 months ago
Joined: 2007-12-17 05:43
They're originally from unix type systems

tar stands for T-ape AR-chive and they were the format used for dumping large amounts of data onto tape for backup purposes.

Because of their unix origins, they are capable of handling most of the quirks and oddities that you find on a unix file system.

rab040ma
Offline
Last seen: 4 months 1 week ago
Joined: 2007-08-27 13:35
Windows file systems also

Windows file systems also hold information about files, including owner, security descriptors, meta-information for searching, alternate streams, etc. along with other funky things about the filesystem itself. Tar can store some of those things. The question is how the structure on a windows filesystem gets restored onto Linux and vice versa. It can be somewhat tricky. The goal of a backup program would be to recover not just the data in the file but all the other stuff as well that the program needs to use the file.

Tar by itself doesn't compress, so its archives can be as big as the original files. Tar archives are generally compressed with another program like gzip or bzip2.

It sounds like you might want to do some alternative testing on the OOo install, such as test the PAF on a faster machine, then compare md5 checksums to make sure the scanned version is copied correctly to your machine. Then you could run the installer with the AV off, and then turn it on to scan what was installed. It installs a lot of stuff, so that will take a while, but it might be more direct than having NOD try to decipher the tar format.

John has signed the PAF file with his digital signature. If you trusted him (and the other people who have installed that particular PAF file without their AV software complaining) you could turn off your AV, check the signature, and go ahead with the install. (That's just like an MD5 hash, only more trustworthy.) The signature doesn't say it is virus-free, just that it has not been changed since John packaged it up. If he screws up and includes a virus, it might not get noticed within the first few hours, but it would show up eventually; so if the OOo PAF file has been available for a while (which you can tell from the signature's time stamp) without anyone complaining, that would be pretty good indication you can safely install it with the AV off.

It might take a while for your machine to check the signature, but that might be faster than having the AV software scan the PAF file.

MC

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
I did think the "damaged

I did think the "damaged TAR" might have caused a big delay - but now agree with you - you are correct, and when I repeat the scan I observe that when I scan this file it is very busy scanning thousands of files before it ever gets to process (and report) this "damaged TAR".

My first PC used DOS.
Every evening when I came home, my son was playing a new game installed from floppy discs he copied at college.
Every week it was time to re-format and reload DOS etc.
So I started paranoid - and became absolutely and totally paranoid.
Now my son has his own P.C., but my daughter shares this P.C. with me, and we now have Broadband which is so much worse than stacks of Floppy Discs !!!

That is why I have NOD32 v2.7 configured for maximum security.
It scans absolutely everything, including text files.

Scanning OpenOffice_Portable_2.3.1_Rev_2_en-us.paf.exe it scans
52446 files in 997 Seconds.
By excluding PNG and CLASS extensions this is reduced to
8011 Files in 238 Seconds
By cancelling "Advanced Heuristics" it changes to
8011 Files in 170 Seconds

How many files does ESET scan for you ?
If you are less paranoid than me, I wish you well !
If your P.C. is 10 times faster than my 4 year old laptop, I accept I am overdue an upgrade, but will probably sit in the corner sulking a bit before I open my wallet !!!

n.b. Scanning H:\PortableApps\OpenOfficePortable it scans
52963 files in 600 Seconds.
Which suggests to me that :-
ESET is somewhat faster when the installation has already unzipped the first layer;
and I have got a "bonus" of an extra 517 files, probably a residue of the original OpenOffice version 2.0.4 that was installed as part of PortableApps.
I now plan to purge the OpenOfficePortable folder, and re-install version 2.3.1. Rv 2.

Regards
Alan

cwinebrinner
Offline
Last seen: 16 years 9 months ago
Joined: 2008-01-15 22:55
Where is the *.paf.exe file

Where is the *.paf.exe file located? Are you scanning it from a flash drive? That would definitely add significant overhead. Here is the output of my scan of the file:


Date: 17.1.2008 Time: 17:15:50
Scanned disks, folders and files: .\OpenOffice_Portable_2.3.1_Rev_2_en-us.paf.exe
.\OpenOffice_Portable_2.3.1_Rev_2_en-us.paf.exe »NSIS »testtar.tar »TAR - archive damaged
Number of scanned files: 52446
Number of threats found: 0
Time of completion: 17:17:24 Total scanning time: 94 sec (00:01:34)

You're right, you may be due for an upgrade. My system is a couple of years old, but it was pretty bleeding-edge when I built it. I don't think I could survive with a 4 year old computer. Blum

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
The *.paf.exe is on a 300

The *.paf.exe is on a 300 GByte external Hard Drive connected via USB 2 interface.
It takes about 2 minutes to transfer 3 GByte between the internal and external drives,
so it takes about 3 Seconds to read the entire file, after which it is held in RAM,and for the next 15 minutes ESET is scanning but the Activity LED on the external drive is permanently off.

O.K. I need an upgrade, but don't tell my kids because that is what they have been telling me as well !!!

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
Hi cwinebrinner. I prefer to

Hi cwinebrinner.

I prefer to know of possible problems. Therefore I un-installed Powerarchiver 2007 which could extract some of testtar.tar, but gave no warning of any anomaly, and downloaded and installed 7-Zip, but 7-Zip does not work for me.

7-Zip can extract files from various archives, but when I select testtar.tar and right click, then 7-Zip knows that *.tar is appropriate because it offers to "Open", "Extract (to various destinations), and "Test", but whichever option I select it then tells me
"Cannot open file 'H:\ ... \lib\test\testar.tar' as archive".
I get the same non-result when I use 7-Zip File Manager.
Is something missing ?

I have just found an old disc image that holds, amongst many other things,
another testtar.tar plus 17 other *.tar.
7-Zip is unable to open testtar.tar, but can open the 17 other *.tar.
How do I make 7-Zip work ? How do I get it to tell me the archive is corrupt ?

From http://www.7-zip.org/ I downloaded and ran 7z457.exe.
This installed 7_Zip 4.57
Program Files\7-Zip contains 2,845,370 bytes in 84 Files.
Is there anything else I should download,
or has something got broken in the latest 7_Zip release ?

Regards
Alan

rab040ma
Offline
Last seen: 4 months 1 week ago
Joined: 2007-08-27 13:35
Learning and Troubleshooting

It sounds to me like we are past the "how do I get OpenOffice.org Portable working?" and on to "I want to learn about this stuff". As such we are beyond the scope of OpenOffice support. In fact, what we are talking about is a test file included with Python, so it is a matter for Python support. For more information about what the file is and why it is included in the standard Python package, you should go to their web site. To find out why Python (and the complete Python distribution) are included with OpenOffice.org, go to their web site.

I have confirmed what you say: the standard GUI programs like 7-zip and WinRar say there is a problem with testtar.tar. I did, however, confirm that the standard version of tar doesn't have any problem with it, other than skipping over functions that aren't implemented in Windows. (Tar is a command line program, so if you have never used a command line program you might prefer to skip that particular test.) WinRar says that the file is corrupt, but it too can handle the filesystem types in the tar file that are implemented in Windows.

So: if you want to know why 7-zip can't open the file, you'll have to ask at their web site. If you want to know why the Python folks included this file in their distribution, you'll have to ask them. If you want to know why your antivirus software has such a problem with the file, you'll need to speak with them.

If you want to get OpenOfficePortable going on your USB drive, this is the right place to be. You could just delete the testtar.tar file from the drive (and probably all the other files in the python-core-2.3.4\lib\test directory tree). Then scan the remaining files, observing that they are okay, and begin using OpenOffice with confidence.

There are answers to your questions, and they might be interesting, but don't be surprised if folks here concentrate on solving OpenOffice problems, rather than on pursuing interesting tangents.

I hope that doesn't sound too harsh.

MC

Alan_B
Offline
Last seen: 5 years 5 months ago
Joined: 2008-01-15 14:18
Sorry rab040ma. We have a

Sorry rab040ma. We have a misunderstanding.

I do not want to open testtar.tar. I accept that it has nothing I need.

What I want is an archive extractor which will tell me of any problems, and not leave me in blissful ignorance. PowerArchiver 2007 ignored the anomalies with testtar.tar, which made me think a genuinely broken and incomplete archive might also escape from any error report, even though it fails to extract essential executables etc.

Post from cwinebrinner - January 17, 2008 - 4:42am
"7-Zip confirms that the file is corrupt".

From your second paragraph
"programs like 7-zip and WinRar say there is a problem with testtar.tar".

I have installed 7-Zip. I think there are improvements over PowerArchiver.
BUT when it looks at testtar.tar it does not tell me "file is corrupt", and it does not tell me "problem with testtar".
What it DOES say is that it cannot open it as an archive,
BUT it says exactly the same thing if I aim at a *.txt file !!!
i.e. it does not distinguish between a broken archive and a NON-archive.

So my question is :-
What is the exact error message by which 7-Zip tells you of a problem/corruption ?
Does it just tell you it "cannot open" in the same way that it cannot open a text file, or do you get a more informative error message than is given to me ?

Regards
Alan

Log in or register to post comments