Comments (4)

LinuxOnTheDesktop commented on September 14, 2024

Should this scary-looking issue be closed - or acted upon? On the one hand: the other report of the problem (here) is closed. On the other hand, perhaps that issue should not have been closed - and it is unclear just why it was closed.

from mintinstall.

Xenophobe-01 commented on September 14, 2024

I've since uninstalled the Software Manager version and installed the current stable version from WineHQ, which does not detect as having any potential threats. I leave it to the forum moderators to determine if the potential threat detection in the Software Manager version is still present and whether to close this thread or not.

mtwebster commented on September 14, 2024

Closing this because:

  • This is an Ubuntu package, coming from an Ubuntu server. Mintinstall just glosses over these details because they're irrelevant most of the time. (https://launchpad.net/ubuntu/+source/wine)
  • It's based on a source code package from Debian, which pulls updates from Wine (https://salsa.debian.org/wine-team/wine/)
  • This package hasn't seen an update since Feb 2022 (so would have to have had the malware since that date).
  • Most vendors in that link cleared it, and the behavior tab shows tests that came out clean as well. The ones that did detect something couldn't decide or agree on what it actually is.

Results I scanned when searching "winver.exe" wine malware pretty much agreed this is a false positive.

I installed wine and clamav:

# Show where this file is installed initially. 
$ dpkg -L libwine:amd64 | grep winver
/usr/lib/x86_64-linux-gnu/wine/winver.exe

# Scan
$ clamscan /usr/lib/x86_64-linux-gnu/wine/winver.exe 
/usr/lib/x86_64-linux-gnu/wine/winver.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 8685671
Engine version: 0.103.11
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.07 MB
Data read: 0.07 MB (ratio 1.00:1)
Time: 11.888 sec (0 m 11 s)
Start Date: 2024:02:22 09:53:06
End Date:   2024:02:22 09:53:18

# Run something to generate a ~/.wine folder
$ wine cmd
Microsoft Windows 6.1.7601

Z:\home\mtwebster\.wine>exit

# Note files in .wine folder now:
$ cd .wine
$ find -name  winver.*
./drive_c/windows/syswow64/winver.exe
./drive_c/windows/system32/winver.exe

# Scan these files

$ clamscan drive_c/windows/syswow64/winver.exe 
/home/mtwebster/.wine/drive_c/windows/syswow64/winver.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 8685671
Engine version: 0.103.11
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.07 MB
Data read: 0.07 MB (ratio 1.00:1)
Time: 11.758 sec (0 m 11 s)
Start Date: 2024:02:22 09:53:44
End Date:   2024:02:22 09:53:56
$ clamscan drive_c/windows/system32/winver.exe 
/home/mtwebster/.wine/drive_c/windows/system32/winver.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 8685671
Engine version: 0.103.11
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.07 MB
Data read: 0.07 MB (ratio 1.00:1)
Time: 11.780 sec (0 m 11 s)
Start Date: 2024:02:22 09:54:18
End Date:   2024:02:22 09:54:30

# Are they the same files?

$ cmp .wine/drive_c/windows/syswow64/winver.exe /usr/lib/x86_64-linux-gnu/wine/winver.exe 
.wine/drive_c/windows/syswow64/winver.exe /usr/lib/x86_64-linux-gnu/wine/winver.exe differ: byte 133, line 2
$ cmp .wine/drive_c/windows/system32/winver.exe /usr/lib/i386-linux-gnu/wine/winver.exe 
.wine/drive_c/windows/system32/winver.exe /usr/lib/i386-linux-gnu/wine/winver.exe differ: byte 133, line 2
# Different - what??

# If I compare 64 <-> 32 they are identical.  A wine bug maybe?
$ cmp .wine/drive_c/windows/syswow64/winver.exe /usr/lib/i386-linux-gnu/wine/winver.exe 
$ cmp .wine/drive_c/windows/system32/winver.exe /usr/lib/x86_64-linux-gnu/wine/winver.exe 

So, additionally now:

  • The original files check out
  • Their user-side copies check out. The fact that it looks like they copy the 32 bit version into the 64 bit user folder sounds like a bug to me, but the files themselves are good

but...

While I was looking around I saw at least one mention of the fact that Windows programs can have their own versions, so if this is true, this may very well be an actual positive, but I'm confident that the ones that are shipped with wine are ok.

Try the last check I did (If I compare 64 <-> 32 they are identical...) - if the cmp command doesn't return anything (which means the files are the same), then I think you're in the clear.
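
The comparison in the comment above, generalized as an added example (not part of the original comment, and not mintinstall or Wine code): it checks every copy of a file in a Wine prefix against all packaged originals and flags any copy that matches none of them. The function names and the fixture contents are assumptions made for the example; the real package paths are the ones shown in the comment.

```sh
#!/bin/sh
# Added example, not from the thread. In a 64-bit prefix, system32 holds the
# 64-bit build and syswow64 the 32-bit one, so each copy is compared against
# every packaged directory instead of a single assumed counterpart.

# check_copies NAME PREFIX PKGDIR...
# Prints "MATCH <copy> <original>" or "UNKNOWN <copy>" for each file found.
# Returns 0 if every copy matches, 1 if any is unknown, 2 if none were found.
check_copies() {
    cc_name=$1; cc_prefix=$2; shift 2
    cc_report=$(
        find "$cc_prefix" -type f -name "$cc_name" | sort |
        while IFS= read -r cc_copy; do
            cc_hit=
            for cc_dir in "$@"; do
                # cmp -s prints nothing and exits 0 only for identical bytes
                if [ -f "$cc_dir/$cc_name" ] && cmp -s "$cc_copy" "$cc_dir/$cc_name"; then
                    cc_hit=$cc_dir/$cc_name; break
                fi
            done
            if [ -n "$cc_hit" ]; then printf 'MATCH %s %s\n' "$cc_copy" "$cc_hit"
            else printf 'UNKNOWN %s\n' "$cc_copy"; fi
        done
    )
    [ -n "$cc_report" ] || { echo "no $cc_name under $cc_prefix" >&2; return 2; }
    printf '%s\n' "$cc_report"
    ! printf '%s\n' "$cc_report" | grep -q '^UNKNOWN '
}

# Constructed fixture (hypothetical contents): two packaged builds that differ,
# prefix copies of each, and one application-supplied file matching neither.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/pkg64" "$root/pkg32" \
        "$root/prefix/drive_c/windows/system32" \
        "$root/prefix/drive_c/windows/syswow64" \
        "$root/prefix/drive_c/Program Files/app"
    printf 'build-64' > "$root/pkg64/winver.exe"
    printf 'build-32' > "$root/pkg32/winver.exe"
    cp "$root/pkg64/winver.exe" "$root/prefix/drive_c/windows/system32/"
    cp "$root/pkg32/winver.exe" "$root/prefix/drive_c/windows/syswow64/"
    printf 'app-own' > "$root/prefix/drive_c/Program Files/app/winver.exe"
    printf '%s\n' "$root"
}

# Real use: check_copies winver.exe ~/.wine /usr/lib/x86_64-linux-gnu/wine /usr/lib/i386-linux-gnu/wine
fx=$(make_fixture)
check_copies winver.exe "$fx/prefix" "$fx/pkg64" "$fx/pkg32" || echo "review UNKNOWN files"
rm -rf "$fx"
```

A copy reported as UNKNOWN is not shown to be malicious; it only means the file did not come from the listed package directories and should be scanned on its own.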

LinuxOnTheDesktop commented on September 14, 2024

Thank you, @mtwebster , for doing all of that work in the service of security.
