[Bug 48418] New: Resources seems contains Heur.AdvML.B infection
https://bugs.winehq.org/show_bug.cgi?id=48418

            Bug ID: 48418
           Summary: Resources seems contains Heur.AdvML.B infection
           Product: Packaging
           Version: unspecified
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: wine-packages
          Assignee: wine-bugs(a)winehq.org
          Reporter: s.quilichini(a)lagoon.nc
                CC: dimesio(a)earthlink.net, michael(a)fds-team.de,
                    sebastian(a)fds-team.de
      Distribution: ---

Created attachment 66189
  --> https://bugs.winehq.org/attachment.cgi?id=66189
List of detected infect modules

All in smart : Resources seems contains Heur.AdvML.B infection

List of infected modules in attachment.

Problem is from many releases now, but I don't know if the problem is with
Norton (I don't think so) or the package.

And I cannot confirm a malfunction; Wine doesn't work anymore on Catalina
except installation because of 64 bits...

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=48418

s.quilichini(a)lagoon.nc changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |s.quilichini(a)lagoon.nc
                 OS|Linux                       |Mac OS X

https://bugs.winehq.org/show_bug.cgi?id=48418

Rosanne DiMesio <dimesio(a)earthlink.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Rosanne DiMesio <dimesio(a)earthlink.net> ---
Heur.AdvML.B is not actual malware; it is "a heuristic detection designed to
generically detect malicious files using advanced machine learning technology."

https://www.symantec.com/security-center/writeup/2016-051811-2400-99

In other words, it's Norton guessing that something might be malware. Googling
shows it has a lot of false positives. Assuming you're using the WineHQ
packages, that's what this is.

https://bugs.winehq.org/show_bug.cgi?id=48418

--- Comment #2 from s.quilichini(a)lagoon.nc ---
Thank you for the quick answer, my post was truncated...

I wanted to explain that I think it is a false detection, but I forgot to
explain.

You confirm what I supposed, so I open ticket n° 186488 on Symantec support to
try to solve the problem.

Regards

https://bugs.winehq.org/show_bug.cgi?id=48418

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht(a)gmx.net
            Summary|Resources seems contains    |Norton Security Scan flags
                   |Heur.AdvML.B infection      |binaries from Wine 5.0-rcX
                   |                            |macOS package as Virus
                   |                            |(Heur.AdvML.B)

--- Comment #3 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

for completeness I've checked macOS package as well using online virus scan
service.

https://dl.winehq.org/wine-builds/macosx/download.html

https://dl.winehq.org/wine-builds/macosx/pool/winehq-devel-5.0-rc4.pkg

--- snip ---
$ sha1sum winehq-devel-5.0-rc4.pkg
1abaaef7539226f19476ec70dad8741c26b3dbc2  winehq-devel-5.0-rc4.pkg

$ du -sh winehq-devel-5.0-rc4.pkg
276M    winehq-devel-5.0-rc4.pkg

$ mkdir -p winehq-devel-5.0-rc4 && cd $_

$ xar -xf ../winehq-devel-5.0-rc4.pkg

$ ll
total 28
-rw-r--r--. 1 focht focht 2994 Jan  4 01:07 Distribution
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:07 org.winehq.wine-devel32.pkg
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:08 org.winehq.wine-devel64.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 org.winehq.wine-devel-deps64.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 org.winehq.wine-devel-deps.pkg
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:10 org.winehq.wine-devel.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 Resources
--- snip ---

Unpacking resources:

--- snip ---
$ cd org.winehq.wine-devel.pkg/

$ cat Payload | gunzip -dc |cpio -i
735228 blocks
--- snip ---

Selecting one 32-bit binary and upload to https://www.virustotal.com

--- snip ---
$ file Contents/Resources/wine/lib/wine/write.exe
Contents/Resources/wine/lib/wine/write.exe: PE32 executable (GUI) Intel 80386,
for MS Windows
--- snip ---

https://www.virustotal.com/gui/file/563b2c6ca56b32648135e3fc0b6069869f873c4b...

It seems multiple engines (10/68) detect Wine binaries built with GNU C99 6.2.1
20161118 mingw-w64 as virus.

Result with same binary built on my Fedora Linux host with Fedora MinGW
7.3.0-1.fc28:

https://www.virustotal.com/gui/file/b3144183ff160795e5d01bb870a6cf49eac24f99...

-> 3/70 detected.

Regards
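
Added example, not part of the bug report or of Wine's own tooling: once a
package has been unpacked as in comment #3, the functions below list every PE
file in a tree with its SHA-256 and report which files in an installed tree
differ from the official package, which tells you whether a flagged file is
the binary WineHQ shipped or something changed locally. The function names and
the tab-separated manifest format are assumptions of this example.

```shell
#!/bin/sh
# Added example: SHA-256 manifest of the PE files in an unpacked tree, and a
# comparison of an installed tree against the official package.
# Usage (paths are placeholders):
#   pe_manifest ./unpacked-pkg > upstream.tsv
#   pe_manifest ./installed    > installed.tsv
#   differs_from_upstream upstream.tsv installed.tsv

# sha256_of FILE: print the hex digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# is_pe FILE: succeed if FILE starts with "MZ" and the little-endian offset
# stored at 0x3c (e_lfanew) points at the "PE\0\0" signature.
is_pe() (
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "4d5a" ] || exit 1
    set -- "$1" $(od -An -tx1 -j60 -N4 "$1" 2>/dev/null)
    [ $# -eq 5 ] || exit 1              # file too short to hold e_lfanew
    off=$(( 0x$5$4$3$2 ))               # reassemble the 4 bytes, LSB first
    [ "$(od -An -tx1 -j"$off" -N4 "$1" 2>/dev/null | tr -d ' \n')" = "50450000" ]
)

# pe_manifest DIR: print "digest<TAB>relative-path" for each PE file in DIR.
pe_manifest() (
    cd "$1" || exit 1
    find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        if is_pe "$f"; then
            printf '%s\t%s\n' "$(sha256_of "$f")" "$f"
        fi
    done
)

# differs_from_upstream UPSTREAM INSTALLED: print paths from the INSTALLED
# manifest that are missing from UPSTREAM or have a different digest.
differs_from_upstream() {
    awk -F'\t' 'FILENAME == ARGV[1] { up[$2] = $1; next }
                !($2 in up) || up[$2] != $1 { print $2 }' "$1" "$2"
}
```

An empty result from differs_from_upstream means every installed PE file is
byte-identical to the one in the package, so any detection applies to the
upstream build itself.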

https://bugs.winehq.org/show_bug.cgi?id=48418

Ken Sharp <imwellcushtymelike(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Ken Sharp <imwellcushtymelike(a)gmail.com> ---
Closing