Report a bug / security issue
OS version: MacOS Sequoia 15.5 (24F74). Up to date with all patches.
App version: 8.3.3
Downloaded from: ONLYOFFICE website. Normal install process.
Additional information: been running Only Office for several months, very impressed with the product.
While editing a document this afternoon, I received a warning about a trojan security risk
“We moved changesO.json to Quarantine because it was infected with Script:SNH-gen [Trj].”
which seems to originate somewhere within the software.
I had no other programs open at the time of editing the document. Security software is up to date.
File path was: /users/myname/Library/Application Support/asc.onlyoffice.ONLYOFFICE/recovery/DE_N3MJ5H/changes/changes0.json
Can you (Only Office Devs), check just in case something nasty made its way into the code or there is a security threat that is targeting Only Office?
Hello @jcd
Are you using any anti-viruses on the device? It is not quite clear what put the file in quarantine and showed the warning. Can you elaborate?
In general, the file that you are mentioning contains changes you made to the file during editing. They are applied when saving the file. If you performed some custom actions or you have a scenario on how to reproduce the issue, please feel free to share.
By the way, does it happen with particular file? If so, what is the origin of this file? It is possible that the file itself is infected with a virus.
Hi Constantine,
Yes, I have anti-virus software installed and latest security patches installed in both MacOS and the anti virus software. The anti virus software quarantined the file.
I was editing a text file, specifically, I had a table (1 Row / 2 columns ), a small PNG file in the first column and some text in the second column. I copied and pasted the text from the second column below the table and then deleted the table (including the PNG file). it was as I copied and pasted the text that I received the anti virus warning.
The file was a new file created within OnlyOffice, with some of the text copied from a word document created earlier this year. perhaps the word document was infected, but there was no antivirus warning on the word document.
Very bizarre behaviour, I have not been able to reproduce the issue and a full virus scan has not detected any other viruses. Maybe some other users have had similar issues?
I logged the issue, just in case this is a security threat specifically targeting only office.
Thanks for following up. JD
Thank you for the information. I haven’t seen similar queries, so I must ask – what antivirus software is being used exactly?
Good afternoon,
Same issue as JCD has described. My Mac OS Sequioa is up to date, as is my AVG antivirus software which found and quarantined the trojan. I took screenshots of the popup from AVG and could not attach them to this message, as I received a 403 error from your server. Here are the File Path and Process from the screenshot:
/Users/gschne1/Library/Application Support/asc.onlyoffice.ONLYOFFICE/recovery/DE_amCKoe/changes/changes0.json
/Applications/ONLYOFFICE.app/Contents/Frameworks/editors_helper (Renderer).app/Contents/MacOS/editors_helper (Renderer)
Any thoughts or advice? I do wish to continue to use ONLYOFFICE but cannot tolerate a potential security risk. Thank you!
GS
Hello @gschne
Thank you for the information. Can you please specify version of Desktop Editors?
Also, @jcd, may I ask you to update the app to the actual version 9.0 and check the situation again?
Hi Constantine,
Apologies for delay in replying, was travelling for work.
I am using Norton Antivirus. I have upgraded to the latest version, have not seen the problem since upgrading. I will try to recreate the workflow that I was using when I first saw the issue, to see if it happens again.
Thank you for the details. I’d be also nice to know version of your antivirus software. Looking forward to your feedback on the status after the update to 9.0.