I can reproduce this false positive by downloading and extracting the Debian Wine Staging 2.9.0 32-bit archive and scanning it with the Sophos free Linux Virus Scanner.
Code:
./savscan -zip -gzip -arj -cmz -tar -rar -cab -archive -all /home/robert/Downloads/Debian\ Jessie\ wine\ 2.9.0\ packages/opt/
SAVScan virus detection utility
Version 5.27.0 [Linux/AMD64]
Virus data version 5.30, August 2016
Includes detection for 11781705 viruses, Trojans and worms
Copyright (c) 1989-2016 Sophos Limited. All rights reserved.
System time 01:35:56, System date 02 June 2017
Command line qualifiers are: -zip -gzip -arj -cmz -tar -rar -cab -archive -all
Useful life of Scan has been exceeded
Quick Scanning
>>> Virus 'Mal/Agent-IR' found in file /home/robert/Downloads/Debian Jessie wine 2.9.0 packages/opt/wine-staging/lib/wine/fakedlls/midimap.dll
1869 files scanned in 16 seconds.
1 virus was discovered.
1 file out of 1869 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.
Scanning the same file in my Gentoo Wine Staging 2.9.0 install (built from source) gives exactly the same false positive:
Code:
./savscan -zip -gzip -arj -cmz -tar -rar -cab -archive -all /usr/lib32/wine-staging-2.9/wine/fakedlls/midimap.dll
SAVScan virus detection utility
Version 5.27.0 [Linux/AMD64]
Virus data version 5.30, August 2016
Includes detection for 11781705 viruses, Trojans and worms
Copyright (c) 1989-2016 Sophos Limited. All rights reserved.
System time 01:37:52, System date 02 June 2017
Command line qualifiers are: -zip -gzip -arj -cmz -tar -rar -cab -archive -all
Useful life of Scan has been exceeded
Quick Scanning
>>> Virus 'Mal/Agent-IR' found in file /usr/lib32/wine-staging-2.9/wine/fakedlls/midimap.dll
1 file scanned in 5 seconds.
1 virus was discovered.
1 file out of 1 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.
Just goes to prove - yet again - how useless anti-virus software is... It's all about the up-sell.
Wouldn't the Sophos developers be the appropriate people to notify about this anyway...
Bob