Mail Archives: cygwin/2007/01/09/12:10:23

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2007/01/09/12:10:23

X-Spam-Check-By: sourceware.org

Message-ID: <bfc52fe00701090909o3156646aycd1ce7d04ce5138a@mail.gmail.com>

Date: Tue, 9 Jan 2007 10:09:52 -0700

From: "Aaron Humphrey" <alfvaen AT gmail DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: Exclude cygwin folder from malware scans?

In-Reply-To: <45A1A5B1.20503@cygwin.com>

MIME-Version: 1.0

References: <b4376ea40701071637w7c4db9d2y7541d40fe4279b9f AT mail DOT gmail DOT com> <45A1A5B1 DOT 20503 AT cygwin DOT com>

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

While it's true that not many viruses will target Cygwin directly,
there are some that target folders based on string matching.  For
instance, a few years ago my computer at work caught a virus which
apparently tried to spread itself through peer-to-peer file-sharing.
It looked for folders with the string "share" in them, and then put in
a bunch of doubtless infected files with tempting names("BRITNEY
SPEARS NAKED!", etc.)in them.  So I found a bunch of these files
sitting in the C:\Cygwin\usr\share tree.  While they were doubtless
relatively harmless where they were, and weren't going to be shared
over the Internet and infect anyone that way, I still didn't want to
keep them around.

This may also have been the virus that stopped any program with the
substring "sh.exe" in it from running, presumably because they were
aware that such a program could be used to kill the executing virus
process.  Made it hard to run Cygwin.bat.

In other words, while bad virus checkers do seem to be the bane of
functional Cygwin installations (though I've never had problems with
AVG), you can't trust the Cygwin tree to never be targeted.

--
--Alfvaen (Web page: http://www.telusplanet.net/public/alfvaen/ )
 Current Album--LFO:Life Is Good
  Current Book--Steven Brust:Dzur
   You're too kind for your own good; you're too good for your own kind.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Spam-Check-By:	sourceware.org
Message-ID:	<bfc52fe00701090909o3156646aycd1ce7d04ce5138a@mail.gmail.com>
Date:	Tue, 9 Jan 2007 10:09:52 -0700
From:	"Aaron Humphrey" <alfvaen AT gmail DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Exclude cygwin folder from malware scans?
In-Reply-To:	<45A1A5B1.20503@cygwin.com>
MIME-Version:	1.0
References:	<b4376ea40701071637w7c4db9d2y7541d40fe4279b9f AT mail DOT gmail DOT com> <45A1A5B1 DOT 20503 AT cygwin DOT com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com