Sophos Antivirus claims port 'zlib' ships a Virus/Spyware called "iPh/WireLurk-G"...

Bill Christensen billc_lists at greenbuilder.com
Fri Sep 4 15:27:56 PDT 2015


Saw the same a few minutes ago myself.

On Fri, Sep 4, 2015 at 5:18 PM, Marko Käning <mk-macports at posteo.net> wrote:

> Hi folks,
>
> today I got a warning from my "Sophos Antivirus" w.r.t. MacPorts!!!
>
> It claimed that zlib’s dylib file
>
>         /opt/local/lib/libz.1.2.8.dylib
>
> carried a virus called
>
>         iPh/WireLurk-G
>
> and I wonder now whether this was
>         - actually true or
>         - a false positive or
>         - whether Sophos is trying to trade snake oil to me…
>
>
> It was very weird, that at some stage the dylib file - despite being readable -
> ---
> $ ls -l /opt/local/lib/libz.1.2.8.dylib
> -rwxr-xr-x 1 root admin 76404 Nov 15  2013 /opt/local/lib/libz.1.2.8.dylib
> ---
> could _not_ be read by any user.
>         Later it was readable again...
>                 Was I tricked by some OSX internals (triggered by Sophos’ quarantine workflow)
>                 or indeed by a virus?
>
>
> Is there a way to verify whether the files installed by port “zlib” are
> actually those currently to be found in MacPorts’ own archives? Are there
> verifiable hashes for files installed by a port somewhere?
>
> Greets,
> Marko
>
> _______________________________________________
> macports-users mailing list
> macports-users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/macports-users
>