Mail Archives: cygwin/2005/01/10/11:15:36
> -----Original Message-----
> From: Walter Garcia-Fontes
> Sent: Monday, January 10, 2005 10:44 AM
> To: Cygwin
> Subject: cygcrypt-0.dll false virus positive?
>
>
> Since this morning I get Trend Micro Office Scan antivirus to report a
> virus in /usr/bin/cygcrypt-0.dll. It is strange since this started
> without having reinstalled anything, maybe after an automatic update
> of the patterns of the antivirus.
>
I attempted to report this problem earlier today, also.
For some unknown reason, it did not show up in the
mailing list. Here is a copy of the information I
have about this possible virus:
> -----Original Message-----
> Sent: Monday, January 10, 2005 10:25 AM
> To: cygwin list
> Subject: Possible virus in cygcrypt-0.dll
>
>
> My virus detection software (OfficeScan, version 5.58,
> engine 7.100, pattern 2.337.00) has detected the virus:
>
> BKDR_HACDEF.M
>
> in the file cygcrypt0.dll, which is included in the
> Cygwin package crypt-1.1-1. This has been detected on
> three PCs, run (independently) by two people. It appears
> that the problem is localized to the crypt-1.1-1.tar.bz2
> file at the rcn.net mirror.
>
> Here are the steps that I took to localize the problem after
> it had been automatically detected by my virus scanning
> software:
>
> 1. Uninstall crypt-1.1-1 using setup.exe.
>
> 2. Delete crypt-1.1-1.tar.bz2 from the rcn.net 'release'
> subdirectory that installation packages are written to.
>
> 3. Download/install crypt-1.1-1 from the planetmirror.com
> mirror using setup.exe.
>
> 4. Scan both the 'bin' and 'release' subdirectories for viruses.
> No viruses were detected.
>
> 5. Uninstall crypt-1.1-1 using setup.exe.
>
> 6. Delete crypt-1.1-1.tar.bz2 from the planetmirror.com
> 'release' subdirectory that installation packages are
> written to.
>
> 7. Download/install crypt-1.1-1 from the rcn.net mirror using
> setup.exe.
>
> 8. Scan both the 'bin' and 'release' subdirectories for viruses.
> The BKDR_HACDEF.M virus is detected in bin/cygcrypt-0.dll
> and in release/crypt/crypt-1.1-1.tar.bz2.
>
> This detection appears to be the result of a new virus pattern file
> that detects the BKDR_HACDEF.M virus, which earlier versions of
> the file did not.
>
> ---
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -