I just ran a scan of my system using ClamXav (v1.1.1 - ClamAV
0.94/8644/Mon Nov 17 15:35:21 2008 - ClamXav) and it says that
JS.Psyme-32 was found in /Library/Application
Support/CrossOver/Bottles/winXP/system.reg. I'm using version 7.1 of
CrossOver and I have MS Office 2007 installed. Is this a problem and
if so, how do I get rid of it?
Direct quote from our CEO follows:
People often wonder if CrossOver will be subject to as many problems with virus's and trojans as Windows is.
The short answer is that, in theory, a virus could affect a Linux or Mac system running a Windows program, but that it would require a pretty extremely unlikely scenario and it has not, to our knowledge, ever happened.
The longer answer is that programs that are vulnerable to virii, such as Outlook and Internet Explorer will retain those vulnerabilities when run on Linux or the Mac via CrossOver.
That is, if a virus exploits a weakness in Internet Explorer which allows it to upload code into memory and cause that code to start execution, then that same weakness will exist.
So, in theory, the problem persists.
However, a wide range of factors exist so that we feel that it is far safer to use CrossOver than it is to run Windows.
First, that exploited code running in memory relies upon a very exact operating system configuration; it will try to use certain Windows specific commands and layouts to do its dirty work; it is very unlikely to run on Linux or Mac OS because it is a foreign system. We've run tests on a range of known viruses and not a single virus has been able to successfully execute its code.
Second, you're only vulnerable if you run vulnerable applications. Internet Explorer is the worst case. Candidly, we recommend only using IE for sites where Firefox does not work. Outlook is another case, but in CrossOver, Outlook is prevented from running files with typical virus file formats. Most other applications do not suffer from virus risk; most viruses come in through either a direct attack on your system (this is not relevant because you're protected by Linux as a whole), or via IE or Outlook.
Third, even if a virus were able to be run, it will be constrained by the your OS as to the damage it can do. Since CrossOver is meant to be run by a regular user, you're first protected by your own OS's proper user security system; the virus cannot harm anything further than your user account. Second, a Windows virus will generally only know of Windows file systems; if it destroys your entire virtual C: drive, well that's very easily recreated and you've lost no data.
Finally, if this remains a concern to you, using the managed multi user mode of CrossOver Professional, it would be straightforward to run CrossOver in a 'chroot' jail. That would guarantee that no virus could harm anything outside of the 'jail'. We don't recommend this because we don't feel it's necessary and it makes working with files awkward, but it is an absolutely safe method for those customers that are genuinely concerned.
The only closing remark on this subject is that I will reiterate that not one of our many customers has ever reported a problem with a virus or other nasty beast on CrossOver.
[b]
End direct quote.[/b]
If you believe or are worried you have an 'infected' bottle, you can simply remove that bottle and create a new bottle by reinstalling the applications that were installed in the old bottle.
Also, be advised that CrossOver often causes a false read on virus scans. It (CrossOver/Wine) is a replacement for the Windows libraries... thus, the things that virus scans look for are confused by it. This could cause a virus scan to report a virus where there is none.
If you truly believe you have a virus, we would be interested in looking into it. If you happen to know how it got installed (a site you entered, an email you received) we would be interested in trying to contract the virus for testing purposes. If you have this information, please do not hesitate to open a support ticket or send an email to info@codeweavers.com.