Hi John, *, On Tue, May 12, 2026 at 6:19 AM john wickliffe <[email protected]> wrote: > ---------- Forwarded message --------- > From: john wickliffe <[email protected]> > Date: Mon, May 11, 2026, 9:13 PM > Subject: I found infections in libre office downloads after checking the f44 > install I have on a 5tb drive
Those aren't actual infections, but triggers from heuristics/guesses. > these macroe found infecting the following files. > PUA.Doc.Tool.LibreOfficeMacro-2 PUA: "Potentially Unwanted Application" - and looks like it flags anything that has a macro. > PUA.Win.Trojan.Xored-1 > > Found 267 possible threats (321523 files scanned). > > /home/john/.cache/mozilla/firefox/92twzorw.default-release/cache2/entries/E25C146CB37BF486A3565D52904D1F01739E580F Not sure why your browser's cache is related to LibreOffice... > PUA.Win.Trojan.Xored-1 > /var/lib/flatpak/repo/objects/33/1fdad62d009d4e7c48cac3b5d745cd39753015547af3d85f4a4f3fe00f5af8.file Wouldn't necessarily trust that detection in repo files/that's then just dupes of the actually used files... > PUA.Doc.Tool.LibreOfficeMacro-2 > /var/lib/flatpak/app/org.libreoffice.LibreOffice/x86_64/stable/b0c467918f94eef34ab1c5f99b0e03235bfbb0d52245a9adeba4ceee2d6e15c6/files/lib64/libreoffice/presets/basic/Standard/Module1.xba Just look into the file - it is just a handful of sample macros similar with the other xba files, that's just a set of default macros, mostly used by the access2base functionality, the wizard or scriptforge. It just flags anything that includes a macro, but doesn't check whether it is malicious/dangerous or not. It is as if your virus scanner would blindly remove all .py files. Pretty pointless. ciao Christian
