Sophos Antivirus claims port 'zlib' ships a Virus/Spyware called "iPh/WireLurk-G"...
Marko Käning
mk-macports at posteo.net
Fri Sep 4 15:18:22 PDT 2015
Hi folks,
today I got a warning from my "Sophos Antivirus" w.r.t. MacPorts!!!
It claimed that zlib’s dylib file
/opt/local/lib/libz.1.2.8.dylib
carried a virus called
iPh/WireLurk-G
and I wonder now whether this was
- actually true or
- a false positive or
- whether Sophos is trying to trade snake oil to me…
It was very weird, that at some stage the dylib file - despite being readable -
---
$ ls -l /opt/local/lib/libz.1.2.8.dylib
-rwxr-xr-x 1 root admin 76404 Nov 15 2013 /opt/local/lib/libz.1.2.8.dylib
---
could _not_ be read by any user.
Later it was readable again...
Was I tricked by some OSX internals (triggered by Sophos’ quarantine workflow)
or indeed by a virus?
Is there a way to verify whether the files installed by port “zlib” are actually those
currently to be found in MacPorts’ own archives? Are there verifiable hashes for files
installed by a port somewhere?
Greets,
Marko
More information about the macports-users
mailing list