FS#67474 - [wine] [security] detected as malware by several VirusTotal scanners
Attached to Project:
Community Packages
Opened by Ruben (rub3n) - Monday, 03 August 2020, 16:26 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 30 May 2021, 21:07 GMT
Details
Description:
When installing wine-5.14-2 the files /usr/lib32/wine/msidb.exe, /usr/lib32/wine/netstat.exe and /usr/lib32/wine/whoami.exe were detected as Threats by Sophos. Several scanners from VirusTotal also claim that those files are malware:

msidb.exe: https://www.virustotal.com/gui/file/baa755b0f25e84842e1b0840bd2ceee18109f776d8ae3c3a5aeb5571a76c8e9b/detection
netstat.exe: https://www.virustotal.com/gui/file-analysis/N2YyOWIzZDc2MWY4MDUzMTMzOGIzNzhmMThjZWMyZTQ6MTU5NjQ3MTEyOA==/summary
whoami.exe: https://www.virustotal.com/gui/file/b7ca25680040a51c22101d1d0b72b064717099d61b3af889b7520552ad43e366/detection

Additional info:
* Version: wine-5.14-2
* SHA256-sums:
  msidb.exe: baa755b0f25e84842e1b0840bd2ceee18109f776d8ae3c3a5aeb5571a76c8e9b
  netstat.exe: b1be394bcc993a53d8623d2bc57ea6eb136e7849759e91846270dd8998e4d4e6
  whoami.exe: b7ca25680040a51c22101d1d0b72b064717099d61b3af889b7520552ad43e366
Closed by Felix Yan (felixonmars)
Sunday, 30 May 2021, 21:07 GMT
Reason for closing: Not a bug
Additional comments about closing: It is a false positive. Please reopen if there is anything we should do here.
FS#67317). Official WineHQ binary releases are also built as PE, so we can check those files directly from upstream, e.g. for Ubuntu:
https://dl.winehq.org/wine-builds/ubuntu/dists/focal/main/binary-i386/
https://www.virustotal.com/gui/file/95beb905262b620bbe57c13440c7a47886dbe5f6d1677477dfbb45aed7b26225/detection
https://www.virustotal.com/gui/file/31b88d5f85b15b28daf7c731e33a32ac377c957f033c15bcd2030d35f37c58ac/detection
https://www.virustotal.com/gui/file/916393058c3da9a8d86b5e8b42cd3bd180e9bffa3a87f0b3f20a542b0655628f/detection
Or for Fedora:
https://dl.winehq.org/wine-builds/fedora/32/i686/
https://www.virustotal.com/gui/file/150d3c6aea0fb0d14828d9dd3dce1405b928e8a3cbd61abfb3d0fcc1a613eb45/detection
https://www.virustotal.com/gui/file/dac8c84c8b03086976d3c67e5eadee940a68770c1883c3c306d2c998631f286e/detection
https://www.virustotal.com/gui/file/7b46a274c56b30d4da025e11db66c3a4c72504f0da3d05db314eb2da24d7243f/detection
There are fewer hits in total, but they are still present, and there are differences between distributions. (Maybe compilation flags have a say here?)
Anyhow, those look like generic, heuristic hits, which should be false positives. There are some bugs and threads with similar issues:
https://bugs.winehq.org/show_bug.cgi?id=34092
https://bugs.winehq.org/show_bug.cgi?id=44057
https://bugs.winehq.org/show_bug.cgi?id=45852
https://bugs.winehq.org/show_bug.cgi?id=48418
https://bugs.winehq.org/show_bug.cgi?id=48681
https://forum.winehq.org/viewtopic.php?t=33190
https://forum.winehq.org/viewtopic.php?t=33444
https://forum.winehq.org/viewtopic.php?t=33597
https://forum.winehq.org/viewtopic.php?t=33993
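
An added example, not part of the original report or comment: before reading the scanner verdicts linked above, confirm whether the files on a given machine are the same binaries the report hashed, or a different PE build whose verdicts must be looked up under its own hash. The function names and status strings are assumptions made for this sketch; the directory and SHA256 values are the ones quoted in the report.

```python
import hashlib
from pathlib import Path

# SHA256 sums quoted in the report for the wine-5.14-2 files.
REPORTED = {
    "msidb.exe": "baa755b0f25e84842e1b0840bd2ceee18109f776d8ae3c3a5aeb5571a76c8e9b",
    "netstat.exe": "b1be394bcc993a53d8623d2bc57ea6eb136e7849759e91846270dd8998e4d4e6",
    "whoami.exe": "b7ca25680040a51c22101d1d0b72b064717099d61b3af889b7520552ad43e366",
}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_pe(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[0x3C:0x40], "little"))
        return f.read(4) == b"PE\0\0"

def triage(directory, reported=REPORTED):
    """Map each reported file name to 'missing', 'match', 'differs-pe' or 'differs-not-pe'."""
    result = {}
    for name, want in reported.items():
        path = Path(directory) / name
        if not path.is_file():
            result[name] = "missing"
        elif sha256_file(path) == want:
            result[name] = "match"        # same binary the report submitted
        elif is_pe(path):
            result[name] = "differs-pe"   # another PE build: look up its own hash
        else:
            result[name] = "differs-not-pe"
    return result

if __name__ == "__main__":
    for name, status in triage("/usr/lib32/wine").items():
        print(f"{name}: {status}")
```

A "differs-pe" result is expected for any other wine version or distribution build, which is consistent with the per-distribution differences noted in the comment.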