On Fri, Aug 24, 2012 at 10:52 AM, Rory O'Farrell <ofarr...@iol.ie> wrote: > On Fri, 24 Aug 2012 10:44:34 -0400 > Rob Weir <robw...@apache.org> wrote: > >> On Thu, Aug 23, 2012 at 6:43 PM, Rory O'Farrell <ofarr...@iol.ie> wrote: >> > On Thu, 23 Aug 2012 18:29:57 -0400 >> > "Maurice Howe" <maur...@stny.rr.com> wrote: >> > >> >> I use AVG 2012.0.2180 Free Edition >> >> >> > I installed AOO 3.4.1 on one of my Windows machines today and AVG didn't >> > complain. I'll check in detail tomorrow when the machine is awake - near >> > midnight here and I'm closing down. It is often the case that new >> > OpenOffice releases trigger false positives from virus scanners. >> > -- >> >> I put AVG free version on an XP VM, updated virus signatures, >> installed AOO 3.4.1 Windows en-US from the website and did a full >> scan. No issues reported. >> >> So if Maurice was indeed getting an AV hit, that suggests he might >> actually have something, either preexisting on his machine, or from >> downloading AOO from another website. If it were really a false >> positive, wouldn't we be seeing it as well? >> >> -Rob >> >> > Rory O'Farrell <ofarrwrk@iol. >> > > I'm sure we would all be seeing a warning if there was an intrinsic problem > in the compiled code. Normal reaction from Volunteers on en-Forum is that a > virus/malware warning on a new release of OpenOffice from the approved > download sites is a false positive and I think so it has always proved; with > the transition to Apache special care is needed until the AOO releases become > well established, lest there be adverse publicity/comment. > > It would be helpful if Maurice could tell us the URL of the download site, > the actual file name and size. >
I finally found the image attachment that Maurice sent out originally. It said of the download, it "is not commonly downloaded and could harm your computer'". So this was not a false negative but part of the "reputation-based" mechanisms that AV's are starting to use. They look at a variety factors, including the age of the EXE and how many other users have installed it. If the program is new and not well known, then you will get warnings like this. The warnings go away over time. The only way to prevent them initially is to have your code be signed, or to whitelist your hashes in advance with the AV vendor. -Rob > -- > Rory O'Farrell <ofarr...@iol.ie>
