[Bug 48418] Norton Security Scan flags binaries from Wine 5.0-rcX macOS package as Virus (Heur.AdvML.B)

WineHQ Bugzilla wine-bugs at winehq.org
Sun Jan 5 08:29:36 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=48418

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
            Summary|Resources seems contains    |Norton Security Scan flags
                   |Heur.AdvML.B infection      |binaries from Wine 5.0-rcX
                   |                            |macOS package as Virus
                   |                            |(Heur.AdvML.B)

--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

for completeness I've checked the macOS package as well, using an online virus
scan service.

https://dl.winehq.org/wine-builds/macosx/download.html

https://dl.winehq.org/wine-builds/macosx/pool/winehq-devel-5.0-rc4.pkg

--- snip ---
$ sha1sum winehq-devel-5.0-rc4.pkg 
1abaaef7539226f19476ec70dad8741c26b3dbc2  winehq-devel-5.0-rc4.pkg

$ du -sh winehq-devel-5.0-rc4.pkg 
276M    winehq-devel-5.0-rc4.pkg

$ mkdir -p winehq-devel-5.0-rc4 && cd $_

$ xar -xf ../winehq-devel-5.0-rc4.pkg

$ ll
total 28
-rw-r--r--. 1 focht focht 2994 Jan  4 01:07 Distribution
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:07 org.winehq.wine-devel32.pkg
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:08 org.winehq.wine-devel64.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 org.winehq.wine-devel-deps64.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 org.winehq.wine-devel-deps.pkg
drwxr-xr-x. 3 focht focht 4096 Jan  5 15:10 org.winehq.wine-devel.pkg
drwxr-xr-x. 2 focht focht 4096 Jan  5 15:06 Resources
--- snip ---

Unpacking resources:

--- snip ---
$ cd org.winehq.wine-devel.pkg/

$ cat Payload | gunzip -dc |cpio -i
735228 blocks
--- snip ---

Selecting one 32-bit binary and uploading it to https://www.virustotal.com

--- snip ---
$ file Contents/Resources/wine/lib/wine/write.exe
Contents/Resources/wine/lib/wine/write.exe: PE32 executable (GUI) Intel 80386,
for MS Windows
--- snip ---

https://www.virustotal.com/gui/file/563b2c6ca56b32648135e3fc0b6069869f873c4b24b0d5651a1d120905505c77/detection

It seems multiple engines (10/68) detect Wine binaries built with GNU C99 6.2.1
20161118 mingw-w64 as a virus.

Result with the same binary built on my Fedora Linux host with Fedora MinGW
7.3.0-1.fc28:

https://www.virustotal.com/gui/file/b3144183ff160795e5d01bb870a6cf49eac24f99d0622a28db10d4a21e16d250/detection

-> 3/70 detected.

Regards

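The triage in the comment above can also be done by hash lookup rather than upload. The following is an added example, not part of the original bug comment or of Wine's tooling: it walks an unpacked Payload tree, identifies PE images from their headers the way `file` reported `write.exe`, and prints SHA-256 digests that can be searched on VirusTotal. The function names and the header-only sample stub are constructed for illustration.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {2: "GUI", 3: "console"}

def describe_pe(data):
    """Return (format, subsystem, machine) for a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    # signature (4) + COFF header (20) + optional header up to Subsystem (70)
    if pe + 94 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    machine, = struct.unpack_from("<H", data, pe + 4)
    magic, = struct.unpack_from("<H", data, pe + 24)
    subsystem, = struct.unpack_from("<H", data, pe + 24 + 68)
    return (MAGICS.get(magic, hex(magic)), SUBSYSTEMS.get(subsystem, str(subsystem)),
            MACHINES.get(machine, hex(machine)))

def inventory(root):
    """Map relative path -> (description, SHA-256) for each PE file under root."""
    found = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        info = describe_pe(data)
        if info:
            found[path.relative_to(root).as_posix()] = (info, hashlib.sha256(data).hexdigest())
    return found

def sample_pe(machine=0x014C, magic=0x10B, subsystem=2):
    """Constructed header-only stub (not a runnable executable) for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<H", machine) + bytes(18)
    opt = struct.pack("<H", magic) + bytes(66) + struct.pack("<H", subsystem)
    return dos + coff + opt

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "write.exe").write_bytes(sample_pe())
        Path(tmp, "README").write_bytes(b"not a PE file")
        for rel, (info, digest) in inventory(tmp).items():
            print(f"{digest}  {rel}: {info[0]} executable ({info[1]}) {info[2]}")
```

Pointing `inventory()` at the directory where the Payload was unpacked lists every PE binary in the package with its digest, so the same file from two different builds can be compared by hash.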