http://bugs.winehq.org/show_bug.cgi?id=34092
Bug #: 34092
Summary: Comodo Antivirus for Linux found a malware in wine
Product: Wine
Version: 1.6-rc4
Platform: x86-64
OS/Version: Linux
Status: UNCONFIRMED
Severity: trivial
Priority: P2
Component: ieframe
AssignedTo: wine-bugs@winehq.org
ReportedBy: radubaetica@gmail.com
Classification: Unclassified
I have installed Comodo Antivirus for Linux (not via wine) and it keeps telling me that iexplore.exe installed by wine is a malware called "Malware@@#3dobwkd9mzh6p". I reported it as a false-positive several times in a row; I think you should be informed of this, too. Possible duplicate of #33440.
Rosanne DiMesio dimesio@earthlink.net changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |UNCONFIRMED |RESOLVED
Resolution|            |INVALID

--- Comment #1 from Rosanne DiMesio dimesio@earthlink.net 2013-07-19 09:07:56 CDT ---
Not a Wine bug.
Austin English austinenglish@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Resolution|INVALID     |UPSTREAM

--- Comment #2 from Austin English austinenglish@gmail.com 2013-07-19 18:33:40 CDT ---
Upstream is more appropriate imo. Though if they have suggestions on something we can change to avoid the false positive, it might be worth fixing.
Austin English austinenglish@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
CC        |            |austinenglish@gmail.com
Dan Kegel dank@kegel.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
CC        |            |dank@kegel.com

--- Comment #3 from Dan Kegel dank@kegel.com 2013-07-20 09:53:57 CDT ---
https://www.virustotal.com/de/file/f7f19e3bc3fa6c8d94121543e9427f82debbd3a76... shows that wine's iexplore is detected as malware by five antivirus programs: Commtouch, Comodo, Norman, Symantec, and TrendMicro-HouseCall.
So perhaps we have some outreach to do.
--- Comment #4 from Dmitry Timoshkov dmitry@baikal.ru 2013-07-20 21:51:26 CDT ---
(In reply to comment #3)
> https://www.virustotal.com/de/file/f7f19e3bc3fa6c8d94121543e9427f82debbd3a76... shows that wine's iexplore is detected as malware by five antivirus programs: Commtouch, Comodo, Norman, Symantec, and TrendMicro-HouseCall.
> So perhaps we have some outreach to do.
Did you pass your own fake iexplore.exe compiled on your OS or use some other source? Just a note: iexplore.exe in Wine (just like other fake .exe/.dll files) doesn't contain any code, just resources, so it's very unlikely that Wine fake PEs may even contain anything for an antivirus check.
Dmitry Timoshkov dmitry@baikal.ru changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Component |ieframe     |-unknown
--- Comment #5 from Dan Kegel dank@kegel.com 2013-07-20 22:48:55 CDT ---
I uploaded the fake iexplore I built myself. Sure, it's not malware. We just have to convince the antivirus makers to realize that.
--- Comment #6 from Dmitry Timoshkov dmitry@baikal.ru 2013-07-21 20:46:16 CDT ---
(In reply to comment #5)
> I uploaded the fake iexplore I built myself. Sure, it's not malware. We just have to convince the antivirus makers to realize that.
One more question: is that a 64-bit PE? Currently winebuild generates 32-bit x86 entry point code for fake PEs (including the 'ret' statement, which is supposed to pop the correct number of bytes off the stack); perhaps that makes the anti-virus checker unhappy.
--- Comment #7 from Dan Kegel dank@kegel.com 2013-07-21 23:05:30 CDT ---
It was definitely 32 bit.
--- Comment #8 from Dmitry Timoshkov dmitry@baikal.ru 2013-07-21 23:24:51 CDT ---
(In reply to comment #7)
> It was definitely 32 bit.
Then it's clearly an anti-virus problem; the entry point code is:

    mov eax,1
    ret 4
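
Added example (not part of the bug thread and not Wine code): a way to check the claim in comment #8 on a flagged file by parsing the PE32 headers and comparing the bytes at the entry point with the quoted stub. The function names and the sample image are constructed for illustration, the byte string is the standard 32-bit x86 encoding of the two instructions, and the check covers the entry point only, not the rest of the file.

```python
import struct

# Standard 32-bit x86 encoding of the stub quoted in comment #8:
#   B8 01 00 00 00   mov eax,1
#   C2 04 00         ret 4
STUB = bytes.fromhex("b801000000c20400")
I386 = 0x014C  # IMAGE_FILE_MACHINE_I386


def entry_point_bytes(pe: bytes, count: int = len(STUB)):
    """Return (machine, bytes at the entry point) of a PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", pe, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header")
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)
    # Walk the section table to map the entry RVA to a file offset.
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            start = rptr + entry_rva - vaddr
            return machine, pe[start:start + count]
    raise ValueError("entry point is outside every section")


def entry_is_stub(pe: bytes) -> bool:
    """True if a 32-bit x86 image starts executing at exactly the stub."""
    machine, code = entry_point_bytes(pe)
    return machine == I386 and code == STUB


def build_sample(code: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section holding `code`."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", I386, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)
    sect = b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, 0x200, 0x200)
    image = dos + b"PE\0\0" + coff + opt.ljust(224, b"\0") + sect.ljust(40, b"\0")
    return image.ljust(0x200, b"\0") + code.ljust(0x200, b"\0")
```
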
Austin English austinenglish@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |RESOLVED    |CLOSED

--- Comment #9 from Austin English austinenglish@gmail.com ---
Closing.
Austin English austinenglish@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |CLOSED      |RESOLVED

--- Comment #10 from Austin English austinenglish@gmail.com ---
This was inadvertently caught up in my unclosed bugs filter. NOTOURBUG should only be closed when fixed upstream.
Setting back to RESOLVED NOTOURBUG.
Sorry for the spam.