[Bug 48418] Norton Security Scan flags binaries from Wine 5.0-rcX macOS package as Virus (Heur.AdvML.B)

5 Jan 2020


      https://bugs.winehq.org/show_bug.cgi?id=48418
Anastasius Focht focht@gmx.net changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
            Summary|Resources seems contains    |Norton Security Scan flags
                   |Heur.AdvML.B infection      |binaries from Wine 5.0-rcX
                   |                            |macOS package as Virus
                   |                            |(Heur.AdvML.B)
--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
for completeness I've checked macOS package as well using online virus scan
service.
https://dl.winehq.org/wine-builds/macosx/download.html
https://dl.winehq.org/wine-builds/macosx/pool/winehq-devel-5.0-rc4.pkg
--- snip ---
$ sha1sum winehq-devel-5.0-rc4.pkg 
1abaaef7539226f19476ec70dad8741c26b3dbc2  winehq-devel-5.0-rc4.pkg
$ du -sh winehq-devel-5.0-rc4.pkg 
276M    winehq-devel-5.0-rc4.pkg
$ mkdir -p winehq-devel-5.0-rc4 && cd $_
$ xar -xf ../winehq-devel-5.0-rc4.pkg
$ ll
total 28
-rw-r--r--. 1 focht focht 2994 Jan  4 01:07 Distribution
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:07 org.winehq.wine-devel32.pkg
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:08 org.winehq.wine-devel64.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 org.winehq.wine-devel-deps64.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 org.winehq.wine-devel-deps.pkg
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:10 org.winehq.wine-devel.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 Resources
--- snip ---
Unpacking resources:
--- snip ---
$ cd org.winehq.wine-devel.pkg/
$ cat Payload | gunzip -dc |cpio -i
735228 blocks
--- snip ---
Selecting one 32-bit binary and upload to https://www.virustotal.com
--- snip ---
$ file Contents/Resources/wine/lib/wine/write.exe
Contents/Resources/wine/lib/wine/write.exe: PE32 executable (GUI) Intel 80386,
for MS Windows
--- snip ---
https://www.virustotal.com/gui/file/563b2c6ca56b32648135e3fc0b6069869f873c4b...
It seems multiple engines (10/68) detect Wine binaries built with GNU C99 6.2.1
20161118 mingw-w64 as virus.
Result with same binary built on my Fedora Linux host with Fedora MinGW
7.3.0-1.fc28:
https://www.virustotal.com/gui/file/b3144183ff160795e5d01bb870a6cf49eac24f99...
-> 3/70 detected.
Regards
-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 48418] Norton Security Scan flags binaries from Wine 5.0-rcX macOS package as Virus (Heur.AdvML.B)