Avast and viruses in MSO and OpenOffice.org

The main threat to my computer is the viruses that I can get with different office documents. So I’ve got a set of questions:

  1. Can Avast Home detecte and cure Microsoft Office files of virus infections?

  2. Can Avast Home detecte and cure OpenOffice.org files of virus infections?

  3. Can Avast Home detecte and cure Microsoft Office files of macrovirus infections?

  4. Can Avast Home detecte and cure OpenOffice.org files of macrovirus infections? (OpenOffice.org is using its own version of macro-language.)

Or it only can move infected files to the “Chest”?

Thanks

I think that’s not true for a long time already. The main threats are completely different these days.

Don’t know what this should mean; what’s “virus infection” here?

Yes.

Don’t know about detection, but I’m quite sure it can’t cure them (but OpenOffice macroviruses are quite rare, aren’t they? There were some proof-of-concept samples, but no wide-spread infections like in MS Office).

I mean main but not single. :slight_smile:

[quote="George Yves post:1, topic:612914"] 1) Can Avast Home [b][u]detect and cure[/u][/b] Microsoft Office files of virus infections? 2) Can Avast Home [b][u]detect and cure[/u][/b] OpenOffice.org files of virus infections? [/quote] Don't know what this should mean; what's "virus infection" here?
I ask those questions because I [b]never saw Avast curing[/b] infected files - usually it suggests to rename or move them.
[quote="George Yves post:1, topic:612914"] 4) Can Avast Home [b][u]detect and cure[/u][/b] OpenOffice.org files of macrovirus infections? (OpenOffice.org is using its own version of macro-language.) [/quote] Don't know about detection, but I'm quite sure it can't cure them [...].
Oh, I'm a member of one of OpenOffice.org Communities (Russian release; http://community.i-rs.ru ), and it's a very disappointing news for me.

OpenOffice documents are basically renamed ZIP archives (Deflate) with data content (mostly XML files) packed in it. So basically you just have to unpack the Deflated container to see it’s content…

Don’t you find it to be a long and annoying way?

That’s also what I meant - macroviruses are quite a marginal threat today, not one of the main ones (IMHO).

File infectors (i.e. viruses that modify files as their means of spreading) are quite rare today. Nearly all malware you see today are various backdoors/trojans/worms; there’s no “curing” for their files - to get rid of them, their files are (more or less simply) deleted.

Well, I admit I don’t know anything about OpenOffice format… unpacking ZIP archives certainly isn’t a problems (and avast! would do that, no matter if it’s renamed or not). However, to remove macroviruses from them would probably mean understanding the particular XML format and modifying it somehow (but as I said, I don’t know the format, so it’s a pure speculation from me).
Right now, avast! certaily can remove files from those ZIP archives, but I’m not sure if it’s the best way here.

Just use WinZIP/WinRAR/WinACE/7-zip on it and see the content :wink:

http://mihd.net/6w2pv9

???

My guess is that it was meant for Igor…

And can “today’s” Avast Home check files inside the OOo container? I ask this question not just to have fun: OpenOffice.org has almost 10% of the world market of office suits (it’s a big quota!), and Avast could be a leader of antivirus software for OpenDocument Format.

On-access, probably not. But if you use right-click context menu scan option on selected OOo file or during on-demand scan (assuming Archive scanning is enabled), then yes. Though i’m not aware of any kind of malicious content that could (yet) hide into OOo documents. Until then, i don’t think there is really any need to invest time and resources into protecting something (yet) not exploited (exploitable?).
When it’ll be exploited, they’ll certanly provide protection for that infection vector.

If you use Standard Shield High sensitivity level, yes.
If you set Normal level and add the OpenOffice extensions to the list of the extensions to be scanned, yes again.

Well, avast! might scan them, but i’m not sure if it’ll actually unpack them… Because by default it doesn’t unpack on-accesss scanned files…

You’re right. I’m not thinking on unpacking and then scanning but just scanning.