[Bug 45852] New: Avira anti-virus claims joy.cpl is a virus (tarball version) TR/Crypt.ZPACK.Gen2
https://bugs.winehq.org/show_bug.cgi?id=45852

Bug ID: 45852
Summary: Avira anti-virus claims joy.cpl is a virus (tarball version) TR/Crypt.ZPACK.Gen2
Product: Wine
Version: 3.16
Hardware: x86
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: joy.cpl
Assignee: wine-bugs(a)winehq.org
Reporter: fred(a)clift.org

I just downloaded the portable tarball version of wine 3.16. A short time after I unpacked it Avira anti-virus claimed the joy.cpl was a trojan they have named TR/Crypt.ZPACK.Gen2.

I have no idea if this is a false positive or not.

The SHA1 sum of the tarball I downloaded is:

$ sha1sum winehq-staging-3.16.pkg
c248c93afa2d46934915feacbffb72c5fa3095ac winehq-staging-3.16.pkg

and the joy.cpl file:

$ sha1sum usr/lib/wine/fakedlls/joy.cpl
17a4f4cf2a1ccda9c799e5d8b862d450b24585ad lib/wine/fakedlls/joy.cpl

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=45852

Fred <fred(a)clift.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |fred(a)clift.org

https://bugs.winehq.org/show_bug.cgi?id=45852

Fabian Maurer <dark.shadow4(a)web.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dark.shadow4(a)web.de

--- Comment #1 from Fabian Maurer <dark.shadow4(a)web.de> ---
First, is your antivirus up to date?
Second, you can check on a site like virustotal if other engines also claim it's dangerous.

To me it sounds like a false positive, but to make sure.

https://bugs.winehq.org/show_bug.cgi?id=45852

zaplo00(a)mailfence.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |zaplo00(a)mailfence.com

--- Comment #2 from zaplo00(a)mailfence.com ---
ZPACK is a generic detection; it's often a false positive.

https://bugs.winehq.org/show_bug.cgi?id=45852

--- Comment #3 from Fred <fred(a)clift.org> ---
AV is up to date.

Here is the virustotal scan:
https://www.virustotal.com/#/file/25566c21ab8b095c3e67723ac7e88334c9f45d391d...

It very well could be a false positive on their part. Are wine builds reproducible? Could someone make sure that the source on whatever machine builds the release isn't compromised and that building from that source produces the same output?

Looking at the big picture, it doesn't seem that this would be the favored point of attack if the build system were compromised by an attacker who wanted to include malware in an open source project. I'm leaning toward 'it's a safe false positive' myself, but it's probably worth a double check of the build boxes.
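
One way to run the check asked about in Comment #3, as an added example that is not part of the original thread or of Wine's tooling: compare a released archive against an independent rebuild, file by file, using SHA-256. The helper names, the archive contents and the second fakedll name are constructed for illustration.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map each regular file in a tar archive to its SHA-256 hex digest."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_builds(released, rebuilt):
    """Return (differing, only_in_released, only_in_rebuilt) as sorted path lists."""
    a, b = member_digests(released), member_digests(rebuilt)
    differing = sorted(p for p in a.keys() & b.keys() if a[p] != b[p])
    return differing, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())


def make_tar(files):
    """Build an in-memory tar from {path: bytes}; used only for the sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


RELEASED = make_tar({  # constructed placeholder bytes, not real Wine binaries
    "usr/lib/wine/fakedlls/joy.cpl": b"MZ-released-joy",
    "usr/lib/wine/fakedlls/other.dll": b"MZ-other",
    "usr/bin/wine": b"wine-loader",
})
REBUILT = make_tar({  # constructed: an independent rebuild of the same source
    "usr/lib/wine/fakedlls/joy.cpl": b"MZ-rebuilt-joy",
    "usr/lib/wine/fakedlls/other.dll": b"MZ-other",
    "usr/share/doc/README": b"docs",
})

if __name__ == "__main__":
    labels = ("DIFFERS", "ONLY IN RELEASE", "ONLY IN REBUILD")
    for label, paths in zip(labels, compare_builds(RELEASED, REBUILT)):
        for path in paths:
            print(f"{label:16}{path}")
```

A differing digest shows only that the two builds are not byte-identical; it points at tampering only if the build is reproducible, which is the open question in Comment #3.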

https://bugs.winehq.org/show_bug.cgi?id=45852

--- Comment #4 from Fred <fred(a)clift.org> ---
Other similar scans:

https://virusscan.jotti.org/en-US/filescanjob/dfo5o6latq
http://r.virscan.org/language/en/report/0a7d4eb7952d0dabcab819f77900c55d
https://metadefender.opswat.com/results#!/file/ZTE4MDkxOHJ5bVcwUXMwX1FTeVZXQ...