wine virus story

Edward Savage epssyis at gmail.com
Fri Mar 14 03:22:05 CDT 2008


I've made a good start on a script that grabs a list of viruses from
around the internet and attempts to run each one and then reports
changes in wine and then resets the wine structure.  I'll be testing
with the above two file change tools to see which one works best (I
was just using a small one from freshmeat) though I'm interested as to
what else I should be looking for in results? At the moment I'm just
reporting crash details and file changes then using human inspection
to see how well it did.

I just thought it might be a good idea to build a mailing list that
goes to the local (vm) system then check if the local system's mail was
spammed and report that.  Looking for more suggestions like this.

Also I'm using QEMU running Debian at the moment.  Of course the
script won't care which VM you use.  For those thinking that QEMU is
painful to use, install qemulator and the kqemu kernel package and
you're set.  Though I'm not really sure this is the sort of thing we
want new users to be attempting so ease of use of the VM shouldn't be
important.

For those interested, I've tested the top five viruses listed on Symantec
and none of them have caused any serious issues; all malware I've
tried has failed completely due to the lack of IE.  I'll be setting up
two build environments in the script, one with IE and one with native
wine claiming IE (or not, depending on responses).

Finally, where would be the right place to report the results? Appdb
seems like a strange place to be putting results of this nature. :P

Edward

On Fri, Mar 14, 2008 at 6:58 AM, Lei Zhang <thestig at google.com> wrote:
> On Thu, Mar 13, 2008 at 12:49 PM, L. Rahyen <research at science.su> wrote:
>  >         Separate user is enough if you don't have world writable files in your
>  >  system. And of course user for such purpose shouldn't be in group(s) that
>  >  have write access to your personal or system files.
>  >         If you are unsure use VirtualBox ( http://virtualbox.org/ ) - it's free and
>  >  open-source, or VMWare ( http://vmware.com/ ) - it's not free.
>  >         On Debian (and probably Ubuntu) you can install VirtualBox by running "sudo
>  >  apt-get install virtualbox".
>  >         I do not recommend using QEmu because it's less user friendly than
>  >  VirtualBox (BTW, VirtualBox is based on QEmu).
>  >
>
>  VMWare workstation is not free, but you can get both VMWare server and
>  VMWare player at no charge. It's available from the Canonical
>  repositories as well:
>  http://archive.canonical.com/ubuntu/pool/partner/v/vmware-server/
>
>
>
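
One way to do the file-change report and reset step described in the message above, as an added Python example that is not part of the original post or of Edward's script: it fingerprints a Wine prefix before and after a run, diffs the two, and restores the prefix from a pristine copy. The function names, the prefix layout and the data in `demo` are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def snapshot(prefix):
    """Map each relative path under prefix to a fingerprint of its content."""
    state = {}
    for root, dirs, files in os.walk(prefix, followlinks=False):
        for name in dirs + files:
            path = Path(root, name)
            rel = path.relative_to(prefix).as_posix()
            if path.is_symlink():
                # dosdevices/z: normally points at /; record targets, never follow.
                state[rel] = "link:" + os.readlink(path)
            elif path.is_file():
                state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state

def diff(old, new):
    """Report which relative paths were added, removed or modified."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def reset_prefix(prefix, pristine):
    shutil.rmtree(prefix)  # discard the used prefix, then restore the clean copy
    shutil.copytree(pristine, prefix, symlinks=True)

def demo():
    """Constructed stand-in for a prefix; nothing is executed in it."""
    work = Path(tempfile.mkdtemp())
    pristine, prefix = work / "pristine", work / "prefix"
    (pristine / "drive_c" / "windows").mkdir(parents=True)
    (pristine / "dosdevices").mkdir()
    (pristine / "system.reg").write_text("WINE REGISTRY Version 2\n")
    (pristine / "dosdevices" / "z:").symlink_to("/")
    shutil.copytree(pristine, prefix, symlinks=True)
    before = snapshot(prefix)
    # Simulated effects of a test run: one new file, one registry edit.
    (prefix / "drive_c" / "windows" / "dropped.bin").write_bytes(b"constructed")
    (prefix / "system.reg").write_text("WINE REGISTRY Version 2\n[Example]\n")
    report = diff(before, snapshot(prefix))
    reset_prefix(prefix, pristine)
    after_reset = diff(before, snapshot(prefix))
    shutil.rmtree(work)
    return report, after_reset
```

A diff of the prefix only covers the prefix: with the default `z:` mapping a program under Wine can also touch files elsewhere that the user can write, which is why the run belongs inside the VM or separate account discussed in this thread.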