Question:

I installed the TypeTool 3/Fontlab Studio Windows version that runs in Wine on macOS Monterey.  Sophos Anti-Virus reported a malicious threat in the file, attributed.exe.  Can I safely remove it?


Answer:

The FontLab Classic Apps package uses Wine, a framework that allows people to run Windows apps on Mac and Linux. Wine is a widely used project ( https://www.winehq.org/ ). It provides an independent, opensource implementation of the Windows API, which means that it pretty much includes a large number of files (libraries, executables) which have the same name (and function) as files that are part of real Windows. 

However, the files in Wine have different content than the files in Windows. This leads some antivirus apps "think" that some virus has "counterfeited" real Windows libraries. But these aren’t faked Windows files, these are real independent implementations. 

You’ll see that "Mal/FakeAV-CS" is mentioned in other discussions about Wine: https://bbs.archlinux.org/viewtopic.php?id=257880

As I said, Wine is fully opensource, and is very widely used by numerous software vendors. We think our FontLab Classic Apps package is safe. We’ve checked it with a number of different antivirus programs, and most of them report no problems, but a few antivirus programs occasionally raise some flags. So this is a false alarm.