[Bug 34092] New: Comodo Antivirus for Linux found a malware in wine
http://bugs.winehq.org/show_bug.cgi?id=34092

             Bug #: 34092
           Summary: Comodo Antivirus for Linux found a malware in wine
           Product: Wine
           Version: 1.6-rc4
          Platform: x86-64
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: trivial
          Priority: P2
         Component: ieframe
        AssignedTo: wine-bugs(a)winehq.org
        ReportedBy: radubaetica(a)gmail.com
    Classification: Unclassified

I have installed Comodo Antivirus for Linux (not via wine) and it keeps telling me that iexplore.exe installed by wine is a malware called "Malware@@#3dobwkd9mzh6p". I reported it as a false-positive several times in a row; I think you should be informed of this, too.

Possible duplicate of #33440.

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=34092

Rosanne DiMesio <dimesio(a)earthlink.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Rosanne DiMesio <dimesio(a)earthlink.net> 2013-07-19 09:07:56 CDT ---
Not a Wine bug.

http://bugs.winehq.org/show_bug.cgi?id=34092

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |UPSTREAM

--- Comment #2 from Austin English <austinenglish(a)gmail.com> 2013-07-19 18:33:40 CDT ---
Upstream is more appropriate imo. Though if they have suggestions on something we can change to avoid the false positive, it might be worth fixing.

http://bugs.winehq.org/show_bug.cgi?id=34092

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |austinenglish(a)gmail.com

http://bugs.winehq.org/show_bug.cgi?id=34092

Dan Kegel <dank(a)kegel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dank(a)kegel.com

--- Comment #3 from Dan Kegel <dank(a)kegel.com> 2013-07-20 09:53:57 CDT ---
https://www.virustotal.com/de/file/f7f19e3bc3fa6c8d94121543e9427f82debbd3a76... shows that wine's iexplore is detected as malware by five antivirus programs: Commtouch, Comodo, Norman, Symantec, and TrendMicro-HouseCall.

So perhaps we have some outreach to do.

http://bugs.winehq.org/show_bug.cgi?id=34092

--- Comment #4 from Dmitry Timoshkov <dmitry(a)baikal.ru> 2013-07-20 21:51:26 CDT ---
(In reply to comment #3)
> https://www.virustotal.com/de/file/f7f19e3bc3fa6c8d94121543e9427f82debbd3a76... shows that wine's iexplore is detected as malware by five antivirus programs: Commtouch, Comodo, Norman, Symantec, and TrendMicro-HouseCall.
>
> So perhaps we have some outreach to do.

Did you pass your own fake iexplore.exe compiled on your OS or use some other source?

Just a note: iexplore.exe in Wine (just like other fake .exe/.dll files) doesn't contain any code, just resources, so it's very unlikely that Wine fake PEs may even contain anything for an antivirus check.

http://bugs.winehq.org/show_bug.cgi?id=34092

Dmitry Timoshkov <dmitry(a)baikal.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|ieframe                     |-unknown

http://bugs.winehq.org/show_bug.cgi?id=34092

--- Comment #5 from Dan Kegel <dank(a)kegel.com> 2013-07-20 22:48:55 CDT ---
I uploaded the fake iexplore I built myself. Sure, it's not malware. We just have to convince the antivirus makers to realize that.

http://bugs.winehq.org/show_bug.cgi?id=34092

--- Comment #6 from Dmitry Timoshkov <dmitry(a)baikal.ru> 2013-07-21 20:46:16 CDT ---
(In reply to comment #5)
> I uploaded the fake iexplore I built myself. Sure, it's not malware. We just have to convince the antivirus makers to realize that.

One more question: is that a 64-bit PE? Currently winebuild generates 32-bit x86 entry point code for fake PEs (including the 'ret' statement, which is supposed to pop the correct number of bytes off the stack); perhaps that makes the anti-virus checker unhappy.

http://bugs.winehq.org/show_bug.cgi?id=34092

--- Comment #7 from Dan Kegel <dank(a)kegel.com> 2013-07-21 23:05:30 CDT ---
It was definitely 32 bit.

http://bugs.winehq.org/show_bug.cgi?id=34092

--- Comment #8 from Dmitry Timoshkov <dmitry(a)baikal.ru> 2013-07-21 23:24:51 CDT ---
(In reply to comment #7)
> It was definitely 32 bit.

Then it's clearly an anti-virus problem; the entry point code is:

    mov eax,1
    ret 4

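Added example, not part of the original thread and not Wine's or any antivirus vendor's code: a Python triage check that reads the entry-point bytes of a 32-bit PE and compares them with the stub quoted in comment #8 (mov eax,1 / ret 4). The byte encoding b8 01 00 00 00 c2 04 00, the function names, and the minimal sample image built inline are assumptions made for this illustration.

```python
import struct

# x86 encoding of the stub quoted in comment #8: mov eax,1 (b8 imm32) / ret 4 (c2 imm16)
STUB = bytes.fromhex("b801000000c20400")
IMAGE_FILE_MACHINE_I386 = 0x014C

def entry_point_bytes(pe, n=len(STUB)):
    """Return (machine, first n bytes at the entry point) of a PE image in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, ...
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    opt = e_lfanew + 24
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)  # AddressOfEntryPoint
    # Map the entry RVA to a file offset through the section table.
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            off = rptr + (entry_rva - vaddr)
            return machine, pe[off:off + n]
    raise ValueError("entry point is not inside any section")

def entry_is_trivial_stub(pe):
    """True when a 32-bit x86 PE starts executing at exactly the quoted stub."""
    machine, code = entry_point_bytes(pe)
    return machine == IMAGE_FILE_MACHINE_I386 and code == STUB

def build_sample(code):
    """Constructed minimal PE32 skeleton (not a Wine build) with `code` at its entry point."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x010B, 0, 0, 0x200, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sect = b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, 0x200, 0x200) + bytes(16)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    return headers + code.ljust(0x200, b"\0")

if __name__ == "__main__":
    stub_only = build_sample(STUB)
    other = build_sample(bytes.fromhex("5589e583ec10c9c3"))  # constructed: ordinary prologue
    print(entry_is_trivial_stub(stub_only), entry_is_trivial_stub(other))
```

A match says only that execution begins at a stub that returns immediately; it does not by itself explain why a particular scanner flagged the file.
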
https://bugs.winehq.org/show_bug.cgi?id=34092

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #9 from Austin English <austinenglish(a)gmail.com> ---
Closing.

https://bugs.winehq.org/show_bug.cgi?id=34092

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |RESOLVED

--- Comment #10 from Austin English <austinenglish(a)gmail.com> ---
This was inadvertently caught up in my unclosed bugs filter. NOTOURBUG should only be closed when fixed upstream. Setting back to RESOLVED NOTOURBUG.

Sorry for the spam.