When we open and resave the attached ppt file using Aspose.Slides, the resulting presentation gets quarantined by some AV products that detect a virus.
Using the VirusTotal website (https://www.virustotal.com), we are able to test the document using 56 different AV scanners, and 4 of them are detecting viruses - three of them find “CVE-2006-3590” (Cyren, F-Prot, and NANO-Antivirus) and one is detecting “Bloodhound.Exploit.79” (Symantec). The other scanners do not detect a virus. I’ve attached a screen shot of the results from that website so you can see them yourself.
While I don’t believe there actually is a virus in the document, I’m assuming there are elements in it that look like a virus to these scanners.
I have not attached the re-saved document, as even if it doesn’t have a virus I’m not real sure about attaching something that might trigger an AV warning. If you need to see the resulting document, let me know and I’ll attach it in a password protected zip, or let me know if you have another preferred method of transferring files of this nature. Hopefully you can reproduce it yourselves by just using the attached ppt document and then opening it and resaving it using code like:
Dim Presentation = New Aspose.Slides.Presentation(SourceFile)
Presentation.Save(DestFile, Slides.Export.SaveFormat.Ppt)
Thanks for any help you can give on this. This is a serious issue for some of our clients, as their AV is preventing them from sending out documents after they’ve been processed by our tool.
Hi Michael,
First of all, all of my tests were using Aspose.Slides for .NET 15.8.0 - I usually upgrade to the latest bits before posting here, as every once in a while, it fixes the issue (“usually” because I do occasionally forget ), so I’m seeing this behavior with the latest version.
Now the weirdness - I downloaded your file, checked with the AV tool, and saw no viruses, just like you. Then, just to try it out, I ran the original test on that file - I opened it using Aspose.Slides and immediately resaved it, making no other intentional changes to the file. Testing the resulting document with the AV tool resulted in the same four detections. Thinking it might be something on my development machine, I also tried the same thing with a brand new presentation created on that machine, but no viruses were detected.
I’m surprised that I was able to detect viruses after downloading your file and resaving it myself, though - if it’s something in the file itself, you’d think you’d be able to detect it yourselves, or that in the process of transferring the file to you the virus was stripped, but that can’t be because it showed back up when I ran the test myself.
I’ve attached a zip file with both the original document and the one that resulted after I did the save - the one that’s triggering the AV detections. Could you try again on those documents to see if you can recreate the issue? Also, could you make sure that the AV tool detects the viruses when you submit them, using the “After Saving With Aspose” document?
Thanks,
Michael Whalen
Hi Michael,
I have also run into this same behavior using Aspose.Slides 15.5.0.0. Is there any update on this request?
Hi Jeff,
Our clients are asking for an update on this issue. Has any progress been made on figuring out why the virus scanner is detecting a virus in the documents?
Thanks,
Mike Whalen