X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org 8C89C386F430
Authentication-Results:	sourceware.org; dmarc=none (p=none dis=none)
	header.from=SystematicSw.ab.ca
Authentication-Results:	sourceware.org;
	spf=none smtp.mailfrom=brian DOT inglis AT systematicsw DOT ab DOT ca
X-Authority-Analysis:	v=2.3 cv=LKf9vKe9 c=1 sm=1 tr=0
	a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17
	a=IkcTkHD0fZMA:10 a=w_pzkKWiAAAA:8 a=iP3L5UVLyNdveXWp_FYA:9
	a=H60BrSVLGWd7BuxL:21 a=6jeoB0NOknzhWrtp:21 a=QEXdDO2ut3YA:10
	a=WK-i71OpKu4A:10 a=sRI3_1zDfAgwuvI8zelB:22
Subject:	Re: Cygwin setup error
To:	cygwin AT cygwin DOT com
References:	<CAHCu2ijYVovD65ihzYJyRb-QU6CN0idUv-G3=_4RBbFuyQYV2A AT mail DOT gmail DOT com>
	<a40a631b-b027-5fba-c0a7-38bd16cf0c20 AT gmail DOT com>
	<CAHCu2igRV=guUb2nNm1gDPxtxi9g_hqFo7RMh4xERveaNWjYqQ AT mail DOT gmail DOT com>
	<8d287574-f820-564b-4794-e35e3429174c AT gmail DOT com>
From:	Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Autocrypt:	addr=Brian DOT Inglis AT SystematicSw DOT ab DOT ca; prefer-encrypt=mutual;
	keydata=
	mDMEXopx8xYJKwYBBAHaRw8BAQdAnCK0qv/xwUCCZQoA9BHRYpstERrspfT0NkUWQVuoePa0
	LkJyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFN5c3RlbWF0aWNTdy5hYi5jYT6IlgQTFggA
	PhYhBMM5/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW
	AgMBAh4BAheAAAoJEB62lxu92I8Y0ioBAI8xrggNxziAVmr+Xm6nnyjoujMqWcq3oEhlYGAO
	WacZAQDFtdDx2koSVSoOmfaOyRTbIWSf9/Cjai29060fsmdsDLg4BF6KcfMSCisGAQQBl1UB
	BQEBB0Awv8kHI2PaEgViDqzbnoe8B9KMHoBZLS92HdC7ZPh8HQMBCAeIfgQYFggAJhYhBMM5
	/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsMBQkJZgGAAAoJEB62lxu92I8YZwUBAJw/74rF
	IyaSsGI7ewCdCy88Lce/kdwX7zGwid+f8NZ3AQC/ezTFFi5obXnyMxZJN464nPXiggtT9gN5
	RSyTY8X+AQ==
Organization:	Systematic Software
Message-ID:	<f6464b74-70ff-08ef-dc22-bea63e643c06@SystematicSw.ab.ca>
Date:	Tue, 21 Apr 2020 16:07:02 -0600
User-Agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
	Thunderbird/68.7.0
MIME-Version:	1.0
In-Reply-To:	<8d287574-f820-564b-4794-e35e3429174c@gmail.com>
X-CMAE-Envelope:	MS4wfFOris1CP68twxzF9NvrgspnAl49i1filxGj1RquxnHV31TIa1raUl6eW81er7R7Rt0GWzOoRXrlmx7Aa2o51BXuw/iIcM4LpCIhZoQoxtNKf7HkyYGk
	w7ZHPkGhtQz65p3d0q9EJRaSLej5F5znBbOEdunXBgfS9thewcevFKqeJCvwHm9DqQXfBaEKUwfN3n09VRAcOxr4wSOnDn20RcM=
X-Spam-Status:	No, score=-15.5 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
	KAM_EXEURI, KAM_LAZY_DOMAIN_SECURITY, KAM_LOTSOFHASH, RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE,
	TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<http://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<http://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To:	cygwin AT cygwin DOT com
Errors-To:	cygwin-bounces AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>

On 2020-04-21 12:33, Marco Atzeri via Cygwin wrote:
> Am 21.04.2020 um 18:08 schrieb Antonio Cesar Rosa:
>> I do not think so. See the output from Virustotal:
>> 2431de4597a2162f3e1d60af90f638b41677265b07cc66fcb0231fdde452c841
>> setup-x86_64.exe 1.29 MB 2020-04-21 00:31:19 UTC
>> Size
>> 15 hours ago
>> 64bits direct-cpu-clock-access overlay peexe runtime-modules
>> DETECTION DETAILS BEHAVIOR COMMUNITY
>> SecureAge APEX Malicious MaxSecure Trojan.Malware.300983.susgen
>> Lastline MALWARE Acronis Undetected

Scoring 2[.5]/71 is not exactly a threatening consensus - believe the 69 and
ignore the 2[.5].
The URL check has eight more checkers excluding the three false positives score
0/80.
Many AVs use "heuristic/WAG" approaches which often give false positives on
installers.
This group probably sees about one false positive a month, but I don't ever
recall a real issue in about/over ten years.

> please reply on mailing list in copy.
> Virus Total with the URL https://cygwin.com/setup-x86_64.exe
> gives all clean.
> If you have a different result. likely you have a tampered file.
> And using the signature available on
> https://cygwin.com/install.html
> we also have:
> $ gpg2 --verify setup-x86_64.exe.sig
> gpg: assuming signed data in 'setup-x86_64.exe'
> gpg: Signature made Sat, Mar 21, 2020  6:35:25 PM CET
> gpg:                using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
> gpg: checking the trustdb
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2022-02-26
> gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>" [ultimate]
> gpg: Signature made Sat, Mar 21, 2020  6:35:25 PM CET
> gpg:                using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
> gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>" [full]

$ TZ=UTC wget -N http://cygwin.com/setup-x86{_64,}.exe{.sig,}
2020-04-21 21:26:37 URL:http://cygwin.com/setup-x86_64.exe.sig [661/661] ->
"setup-x86_64.exe.sig" [1]
2020-04-21 21:26:38 URL:http://cygwin.com/setup-x86_64.exe [1352723/1352723] ->
"setup-x86_64.exe" [1]
2020-04-21 21:26:38 URL:http://cygwin.com/setup-x86.exe.sig [661/661] ->
"setup-x86.exe.sig" [1]
2020-04-21 21:26:41 URL:http://cygwin.com/setup-x86.exe [1248787/1248787] ->
"setup-x86.exe" [1]
FINISHED --2020-04-21 21:26:41--
Total wall clock time: 4.4s
Downloaded: 4 files, 2.5M in 2.2s (1.12 MB/s)
$ TZ=UTC ls -glo --full setup-x86{_64,}.exe{.sig,}
-rw-r--r--+ 1 1248787 2020-03-21 17:28:48.000000000 +0000 setup-x86.exe
-rw-r--r--+ 1     661 2020-03-21 17:29:04.000000000 +0000 setup-x86.exe.sig
-rw-r--r--+ 1 1352723 2020-03-21 17:35:04.000000000 +0000 setup-x86_64.exe
-rw-r--r--+ 1     661 2020-03-21 17:35:25.000000000 +0000 setup-x86_64.exe.sig
$ TZ=UTC sha256sum setup-x86{_64,}.exe{.sig,}
9e99b618cf6cf0e7a6efac9bff2028acebdb44fd552407e4cb7839f0867b035e
*setup-x86_64.exe.sig
2431de4597a2162f3e1d60af90f638b41677265b07cc66fcb0231fdde452c841 *setup-x86_64.exe
c7b45a34a0ef18b409a385c7157fd7bb68a799148c212bab74037e0438f5addb *setup-x86.exe.sig
d218a41a45fcec581affd0e1ccc66011aa06a3a9b299576104546074e8480064 *setup-x86.exe
$ TZ=UTC gpg2 --verify setup-x86_64.exe{.sig,}
gpg: Signature made 2020 Mar 21 Sat 17:35:25 UTC
gpg:                using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>" [full]
gpg: Signature made 2020 Mar 21 Sat 17:35:25 UTC
gpg:                using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>" [full]
$ TZ=UTC gpg2 --verify setup-x86.exe{.sig,}
gpg: Signature made 2020 Mar 21 Sat 17:29:04 UTC
gpg:                using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>" [full]
gpg: Signature made 2020 Mar 21 Sat 17:29:04 UTC
gpg:                using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>" [full]

Same files from a month ago with same digests and signatures.
Many have downloaded and used it in that timeframe for dozens of package
installs and upgrades with no issues or reports before yours.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -