wine virus story

Marcus Meissner meissner at
Fri Mar 14 13:07:55 CDT 2008

On Fri, Mar 14, 2008 at 05:19:39PM +0000, Reece Dunn wrote:
> On 13/03/2008, Dan Kegel <dank at> wrote:
> > On 3/13/08, L. Rahyen <research at> wrote:
> >  >         Separate user is enough if you don't have world writable files in your
> >  >  system.
> >
> > No, because the malware could root your Linux system
> >  using a local priv escalation exploit.  You really want a
> >  totally isolated sandbox.
> Do you know what the status of the ClamAv support is for malware
> detection through the Windows API?
> Also, should this really map the Windows API to use Linux API for
> malware detection (, or the Mac API,
> or other OS APIs if available? If none is provided, the Windows calls
> could use ClamAv as a fallback if available.
> Also, should an effort be made to get Windows AV products working on
> Wine? This has the problem that they would likely require Windows
> kernel APIs that Wine isn't providing. It would also require testing.
> In addition to AV support, should Wine use the Windows API to use a
> firewall if one is available on the OS that Wine is running?

The Windows firewalls usually plugins in at kernel level.

One of our 2006 Summer of Code students wrote an on-access scanner
for Wine, but it was never integrated.

Ciao, Marcus

More information about the wine-devel mailing list