You are here

Norton Symantec and LibreOffice

2 posts / 0 new
Last post
pbr
Offline
Last seen: 2 months 4 weeks ago
Joined: 2009-06-21 09:23
Norton Symantec and LibreOffice

Thank you for the quick response on my previous post, "[Fixed] md5 mismatch". Now we get to deal with this old thing again —

Just as with the last version of LibreOffice (and as has been previously reported at https://portableapps.com/node/36363 and https://portableapps.com/news/2013-07-27--libreoffice-portable-4.1.0-rel...), Norton's heuristic engine jumped on unopkg.exe and deleted it ("Threat actions performed: 1"). I restored it so that I could upload it to VirusTotal (https://www.virustotal.com/en/file/4d30597a80390db41441895fdc19fc4772e9f...) where it scored 5/50:

Qihoo-360 HEUR/Malware.QVM01.Gen 20140223
Symantec Suspicious.MLApp 20140223
TheHacker Posible_Worm32 20140222
TrendMicro PAK_Generic.001 20140223
TrendMicro-HouseCall PAK_Generic.001 20140223

Additionally, ClamAV categorizes it as a PUP. Frankly, that's my opinion, too. As such, I delete it and it doesn't seem to effect the functionality of LibreOffice, or at least the portable version.

I'm aware that it's what you would classify as a false positive, but it does no good to report it to Norton because, when the next version of LibreOffice comes out, Norton sees it as a new threat. I've visited http://api.libreoffice.org/docs/tools.html to find out what the EXE does; I can't say I came out much the wiser, but if I'm understanding anything on that page at all, unopkg is not an intrinsic part of LibreOffice. This raises a question for me — should you be including it with the download? I know your policy is not to muck with the apps, but having to cajole the AV gets old after awhile. Naive suggestion, perhaps, but could it be offered as a separate option (with the appropriate caveats)?

Understand, I do not think for a nanosecond that you are distributing malware. You are my go-to for things portable and have been for years. The thing is, I've also done very well by Norton down the years, so I'm not about to jump ship over this issue. I'm just wondering if there is any possible mechanism to avoid the false detection since you can't tell the AV to ignore unopkg until after it decides unopkg is Evil.

johandeman1961
Offline
Last seen: 8 years 7 months ago
Joined: 2014-02-24 12:27
I've got the same issue...With Symantec.

I have the same issue with Symantec. It deleted the files unopkg.bin and unopkg.exe.
I have also installed the fullversion of LibreOffice 4.2.1. and Symantec didn't reported anything. I have replaced both files in the portablapps version and it works just fine.

Log in or register to post comments