AntiVirus alert in debian 2.9.0 package

Post by atterdag »

I got this alert installing 2.9.0.

Code:

[...]
Unpacking wine-staging-i386 (2.9.0~jessie) over (2.8.0~jessie) ...

********************** Sophos Anti-Virus Alert ***********************
Threat "Mal/Agent-IR" detected in file
"/opt/wine-staging/lib/wine/fakedlls/midimap.dll.dpkg-new".

The file is still infected

**********************************************************************

********************** Sophos Anti-Virus Alert ***********************
Threat "Mal/Agent-IR" detected in file
"/opt/wine-staging/lib/wine/fakedlls/midimap.dll.dpkg-new".

The file is still infected

**********************************************************************

********************** Sophos Anti-Virus Alert ***********************
Threat "Mal/Agent-IR" detected in file
"/opt/wine-staging/lib/wine/fakedlls/midimap.dll.dpkg-new".

The file is still infected

**********************************************************************
[...]
Just thought your packager would be interested.

Re: AntiVirus alert in debian 2.9.0 package

Post by Bob Wya »

I can reproduce this false positive by downloading and extracting the Debian Wine Staging 2.9.0 32-bit archive, then scanning it with the Sophos free Linux Virus Scanner.

Code:

./savscan -zip -gzip -arj -cmz -tar -rar -cab -archive -all /home/robert/Downloads/Debian\ Jessie\ wine\ 2.9.0\ packages/opt/
SAVScan virus detection utility
Version 5.27.0 [Linux/AMD64]
Virus data version 5.30, August 2016
Includes detection for 11781705 viruses, Trojans and worms
Copyright (c) 1989-2016 Sophos Limited. All rights reserved.

System time 01:35:56, System date 02 June 2017
Command line qualifiers are: -zip -gzip -arj -cmz -tar -rar -cab -archive -all

Useful life of Scan has been exceeded

Quick Scanning

>>> Virus 'Mal/Agent-IR' found in file /home/robert/Downloads/Debian Jessie wine 2.9.0 packages/opt/wine-staging/lib/wine/fakedlls/midimap.dll

1869 files scanned in 16 seconds.
1 virus was discovered.
1 file out of 1869 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.
Scanning the same file in my Gentoo Wine Staging 2.9.0 install (built from Source) gives exactly the same false positive:

Code:

./savscan -zip -gzip -arj -cmz -tar -rar -cab -archive -all /usr/lib32/wine-staging-2.9/wine/fakedlls/midimap.dll 
SAVScan virus detection utility
Version 5.27.0 [Linux/AMD64]
Virus data version 5.30, August 2016
Includes detection for 11781705 viruses, Trojans and worms
Copyright (c) 1989-2016 Sophos Limited. All rights reserved.

System time 01:37:52, System date 02 June 2017
Command line qualifiers are: -zip -gzip -arj -cmz -tar -rar -cab -archive -all

Useful life of Scan has been exceeded

Quick Scanning

>>> Virus 'Mal/Agent-IR' found in file /usr/lib32/wine-staging-2.9/wine/fakedlls/midimap.dll

1 file scanned in 5 seconds.
1 virus was discovered.
1 file out of 1 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.
Just goes to prove - yet again - how useless anti-virus software is... It's all about the up-sell. :roll:
Wouldn't the Sophos developers be the appropriate people to notify about this anyway...

Bob
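
A small parser for the savscan output format quoted above, added here as an illustration and not written by either poster: it groups detections by threat name and file name across scans and surfaces the scanner's own "Useful life of Scan has been exceeded" warning. The scan labels and the abbreviated sample logs are constructed from the output in this thread.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Line formats taken from the savscan output quoted in this thread.
DETECTION = re.compile(r"^>>> Virus '(?P<threat>[^']+)' found in file (?P<path>.+)$", re.M)
SCANNED = re.compile(r"^(?P<n>\d+) files? scanned in \d+ seconds?\.$", re.M)
STALE = "Useful life of Scan has been exceeded"

def parse_savscan(text):
    """Return detections, file count and stale-data flag for one savscan run."""
    hits = [(m["threat"], m["path"].strip()) for m in DETECTION.finditer(text)]
    scanned = SCANNED.search(text)
    return {
        "detections": hits,
        "files_scanned": int(scanned["n"]) if scanned else None,
        "stale_data": STALE in text,
    }

def shared_detections(reports):
    """Map (threat, file name) -> labels of the scans that reported it, if >1."""
    seen = defaultdict(set)
    for label, report in reports.items():
        for threat, path in report["detections"]:
            seen[(threat, PurePosixPath(path).name)].add(label)
    return {key: sorted(labels) for key, labels in seen.items() if len(labels) > 1}

# Sample input: the two runs above, abbreviated to the lines the parser reads.
DEBIAN_RUN = """\
Useful life of Scan has been exceeded
>>> Virus 'Mal/Agent-IR' found in file /home/robert/Downloads/Debian Jessie wine 2.9.0 packages/opt/wine-staging/lib/wine/fakedlls/midimap.dll
1869 files scanned in 16 seconds.
"""
GENTOO_RUN = """\
Useful life of Scan has been exceeded
>>> Virus 'Mal/Agent-IR' found in file /usr/lib32/wine-staging-2.9/wine/fakedlls/midimap.dll
1 file scanned in 5 seconds.
"""

if __name__ == "__main__":
    # Scan labels are hypothetical names chosen for this example.
    reports = {"debian-package": parse_savscan(DEBIAN_RUN),
               "gentoo-source-build": parse_savscan(GENTOO_RUN)}
    for (threat, name), labels in shared_detections(reports).items():
        print(f"{threat} on {name}: reported by {', '.join(labels)}")
    for label, report in reports.items():
        if report["stale_data"]:
            print(f"{label}: scanner reports its virus data is past its useful life")
```
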