[Wine] ClamAV thinks Wine contains a rootkit?

James Mckenzie jjmckenzie51 at earthlink.net
Thu Sep 30 09:30:02 CDT 2010

doh123 <wineforum-user at winehq.org> wrote:
>Sent: Sep 29, 2010 10:37 PM
>To: wine-users at winehq.org
>Subject: [Wine]  ClamAV thinks Wine contains a rootkit?
>Anyone wanna explain why ClamAV thinks Wine has a rootkit in it?
>It finds "mountmgr.sys" and "usbd.sys" as "BC.Heuristics.Rootkit.B"
>This is not altered Wine.. or even used... but it happens just pure straight up compile from source Wine even if its never
>been ran.... its finding them in the fakedlls folder.
This was discussed last week and the determination is that it is a false positive from ClamAV.  At least we can confirm that as that rootkit does not run on the Mac, as far as I can determine.

>I have not tried on Linux, only on Mac OS X, using the ClamAV 0.96.2 base

Can you report this to ClamAV?

James McKenzie

More information about the wine-users mailing list