Mail Archives: cygwin/2008/09/01/03:34:21

From: "Dave Korn" <dave DOT korn AT artimi DOT com>
To: <cygwin AT cygwin DOT com>
References: <c6ec56fa0808312245l769d3debu4f35484491cfee97 AT mail DOT gmail DOT com> <g9g2ql$36q$1 AT ger DOT gmane DOT org>
Subject: RE: report from virustotal / setup.exe from cygwin.com may be corrupt?
Date: Mon, 1 Sep 2008 08:33:07 +0100
Message-ID: <01a001c90c04$fcbee060$9601a8c0@CAM.ARTIMI.COM>
In-Reply-To: <g9g2ql$36q$1@ger.gmane.org>

René Berber wrote on 01 September 2008 07:41:

> Eric Freudenthal wrote:
> 
>> I just downloaded setup.exe from cygwin.com and sent it to virustotal.
>>  A couple of services didn't like it:
>> 
>> the report:
>> http://www.virustotal.com/analisis/ccb64d1f4e157ba250e1649f46868196
>> 
>> details:
>> eSafe 7.0.17.0 2008.08.31 Suspicious File
>> Prevx1 V2 2008.09.01 Suspicious
> 
> That means nothing, if sddt.exe is a known virus it should say so
> clearly.  Notice that none of the big names report anything.

  It's quite likely they're just indiscriminately flagging up all UPX-packed
executables as inherently suspicious.  I can confirm that setup.exe on
cygwin.com still matches the version that I built on my home PC and uploaded
there:

~ $ wget http://cygwin.com/setup.exe
--2008-09-01 08:30:47--  http://cygwin.com/setup.exe
Resolving cygwin.com... 209.132.176.174
Connecting to cygwin.com|209.132.176.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 585728 (572K) [application/octet-stream]
Saving to: `setup.exe'

100%[======================================>] 585,728      239K/s   in 2.4s

2008-09-01 08:30:51 (239 KB/s) - `setup.exe' saved [585728/585728]

@_______. .
(       /"\
 ||--||(___)
 '"  '"'---'
~ $ md5sum setup.exe
4f3f250cb9704fda2c241347cb689a8f *setup.exe
@_______. .
(       /"\
 ||--||(___)
 '"  '"'---'
~ $ md5sum /tmp/apps/objmerge/setup-2.573.2.3.exe
4f3f250cb9704fda2c241347cb689a8f */tmp/apps/objmerge/setup-2.573.2.3.exe
@_______. .
(       /"\
 ||--||(___)
 '"  '"'---'
~ $


> but, as Dave Korn's reply said, if it was, the virus must be inside one
> of the packages (and setup.ini had to be forged, and a pre- or
> post-install script changed to run the virus)... I'm not sure if it
> really is possible to spread it like that.

  /Was/ possible.  Isn't now! :)

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
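The two checks this thread turns on, as an added example that is not code from the message or from the Cygwin project: comparing a downloaded file's MD5 against a digest obtained out of band (the value Dave posted above), and walking the PE section table for the UPX0/UPX1 names that generic "suspicious" heuristics key on when they flag packed executables. All function names are my own, and `build_fake_pe` constructs a minimal stand-in header rather than using a real setup.exe.

```python
import hashlib
import hmac
import struct

# MD5 quoted in the message for setup.exe; in practice obtain the reference
# digest out of band (the builder's announcement), not from the download site.
EXPECTED_MD5 = "4f3f250cb9704fda2c241347cb689a8f"

def file_md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_matches(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison; MD5 here is a download-integrity check, not a signature.
    return hmac.compare_digest(file_md5(data), expected_hex.lower())

def pe_section_names(data: bytes) -> list[str]:
    """Walk the PE section table and return the section names, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break                             # truncated table: stop rather than read past EOF
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def looks_upx_packed(data: bytes) -> bool:
    # UPX renames sections to UPX0/UPX1; that trait alone is what generic heuristics flag.
    return any(n.startswith("UPX") for n in pe_section_names(data))

def verify_download(data: bytes, expected_md5: str) -> dict:
    return {"md5": file_md5(data), "md5_ok": digest_matches(data, expected_md5),
            "upx_packed": looks_upx_packed(data), "sections": pe_section_names(data)}

def build_fake_pe(section_names: list[str]) -> bytes:
    """Constructed stand-in for a PE image: just enough header to exercise the parser."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + sections
```

A packed-section hit on its own says only "this binary is packed"; the digest match against the builder's copy is what actually answers the corruption question.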