delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2012/04/23/04:29:12

X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=1.6 required=5.0 tests=AWL,BAYES_50,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
From: "Watts, Simon (UK)" <SWATTS AT ngms DOT eu DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Date: Mon, 23 Apr 2012 09:28:28 +0100
Subject: VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
Message-ID: <D466D8ED2A535D448228E410781DF5E48087A89DBC@APOLLOCCR.ng.local>
MIME-Version: 1.0
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id q3N8T8j7000732 

Just performed a routine update to cygwin, which resulted in the updated XWin.exe being quarantined due to a virus threat.

Details:

	setup.exe version: 	2.769
	source: 	http://cygwin.xl-mirror.nl
	xorg-servers-common version: 	1.12.0-4

Symantec Endpoint Protection reported XWin.exe contained "Bloodhound.Sonar.9"

	file size:	2828127
	hash:	157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
	category:	application heuristic
	scan type:	SONAR
	SONAR Risk level:	High
	SONAR:	High

Reverting back to 1.12.0-3 from same source does *not* show this issue.

Could be a false positive?  But AV policy prevents me from running it.



Regards, 

Simon.


======================================================================
Simon A Watts CPhys CITP   Northrop Grumman Mission Systems Europe Ltd
Senior Software Engineer                                 Leander House
                                                          4600 Parkway
                                                  Solent Business Park
                                                      Fareham PO15 7AZ
                                                        United Kingdom
                                                                     
                                            Tel: +44 (0) 845 67 102 67
                                            Fax: +44 (0) 845 67 102 68
                                                    swatts AT ngms DOT eu DOT com
                                                       www.ngms.eu.com
                                                                     
                                     Registered in England No. 2741988 
======================================================================
Northrop Grumman Mission Systems Europe is a subsidiary of the Mission
Systems sector of Northrop Grumman Corporation.  This email is for the
intended addressees only.   If you have received  it in error then you
should not use, retain, disseminate or otherwise deal with it.  Please
notify  the sender by return email.   The views of the author  may not
necessarily  constitute the views of  Northrop Grumman Mission Systems
Europe Ltd.  Nothing in this email shall bind Northrop Grumman Mission
Systems Europe Ltd in any contract or obligation. 
======================================================================


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019