Apache OpenOffice (AOO) Bugzilla – Issue 125213
Virus checker reports a trojan in the 4.1 windows download
Last modified: 2014-07-07 19:22:16 UTC
Created attachment 83648 [details] Window from Norton 360 describing threat and action taken My Norton 360 blocks the install download because it reports that there is a trojan called suspicious.cloud.9 in it. The download I am trying is from the main SoureForge site. I engaged Norton support to troubleshoot whether it was the checker or the download and they concluded it was the download. One of the reasons they concluded that the download is infected is that we could download successfully from the #1 alternate mirror linked from the SourceForge site. However, my Windows 7 computer won't install that one because it says it is a 32-bit image that is not compatible with my operating system. I know. One issue per report. Just letting you know that this has not been a joyful experience.
I use ESET NOD32 and no problem. Certainly a false positive. Please, report to https://submit.symantec.com/false_positive/
Here is another answer fro mthe dev@ mailing list from Dennis Hamilton: http://markmail.org/message/ewzovt2uzqyqrmyb 1. Disable Norton 360 before downloading. 2. For download, do not select open, select Save and place in a memorable location (your Download folder, for example). 3. Use any of the procedures for verifying the Download. This code is not signed, so you will have to use either the PGP or the MD5/SHA verifications. 4. All of these verify that the downloaded file matches the file from which the verification files were produced. The PGP verification will also assert that the file is signed by the release manager, Juergen Schmidt, at Apache OpenOffice, but there may be a warning that you don't have anything by which to trust that is the release manager's signature. That is normal if you do not use PGP regularly and have a collection of public keys that you trust. 5. In Norton 360, see if there is a setting where it will only remove or quarantine files after confirmation by you. This will let you over-rule Norton in the future, verifying the file yourself instead.