Mail Archives: cygwin/2022/12/07/16:55:10

Dan Harkless via Cygwin <cygwin AT cygwin DOT com> · Wed, 7 Dec 2022 13:54:04 -0800

On 12/7/2022 8:20 AM, Sylwester Rutkowski via Cygwin wrote:Hi,
> The setup-x86_64.exe is reported as malicious at https://www.virustotal.com/gui/file/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e/detection
>
> Can this be resolved somehow?

No.Ā  It's normal and common for software like Cygwin, which has the 
power to be used maliciously (as opposed to, say, a Minesweeper game or 
something), to have false positives on VirusTotal for a handful of 
vendors.Ā  I've never heard of SecureAge or Trapmine (hmm, maybe it 
*would* flag Minesweeper...), and I'm pretty well educated in the 
anti-malware space, so if it were me, I'd just ignore those false 
positives and pay attention to the credible AV software results (and the 
Community Score).

If you have some corporate policy requiring things to have 0 detections 
on VirusTotal or something, your only recourse is to contact the 
SecureAge and Trapmine vendors and convince them somehow to fix their 
false positives.

--
Dan Harkless
http://harkless.org/dan/

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 3542038369E1
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1670450067;
	bh=fS0FpQSEnFb3PQh03IzHPKVTKUBmhrjZVUW8JXCXNfY=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=wUOjqS1htP/fH1dRFyI2L1vaBr//U3gUKdgEDichauMJ62C4/5BiJIGroCnrz9mAV
	ZBKEH5dSHVF8tKBxq4ew0LxjoUJoKmjw7G0r5Kd1U87IHPu3mf5U3tyxaQQBxb7snF
	GegWyyVzYdClkrDI4hZqYufPzQkzw/iRqzYjgEuM=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org 358FB3864A32
X-SONIC-DKIM-SIGN:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
	t=1670450050; bh=Rk9tenHXNtDo2cJ49gVyIuuCAyltIomPu04cVoUny6q=;
	h=X-Sonic-MF:Date:Subject:To:From:From:Subject;
	b=fM4xCHruMIDQ3mgUWrI9W3kSD4K303ck847Ut8cff31XTqn1j0lVpSF/MTitwTBY76ur7xEUzscjRqrSpNGZpmYXHgAavH5QJ6IvfMI8RF14VnzwWXoE2j9GkdUiYQuuFvFo8uCSovGBra27ysFCGhFUPGwVxXdTquH9sIhx5+AFqMf9M5ydN2Ua/EeF5MAe7YfB5coDyoxVwVHHRD4Lndp1pW5QWNtWh9FW6hZfR/HoNZc4G/oE7WvltmiGAyx+2iBnWMWCMWnb9sWFeexnWFIWgPEu4kYW4T6PZo8MgpWWtdQ1B/+FMsdbxm8WT1eaF96mqgOOpuyWyeuWjjfokA==
X-YMail-OSG:	goE1OU4VM1kG_TOQievLVcFVHqCEZ94nRVklODXSgcL8YJcVXfmmcWaC0MTj1Io
	Qr_n.3YuAUZQYek8XQTxnTDDOOClJIUf08hAL9KsUcds3UXr2IHSuAuIQg35bFe32XwSw7fwiuXR
	1SrysA9R_y36BvNQct00sOGMIQoFA0rLSb7AWnu8yM2wOC52eZ9xfezmB3_pBXu7Y42JF5wa2txm
	5tIlsqiE_Zr5eihW_W6Jl9Le1Euud3mVt3ku7dGxmB0KVNml2EXD.kYZDVN9evKwxMKC9X1OCTF1
	vxnGKJuZnBRJMBQJjR4NNoy1zFuj6JeFzGZKvYGH0uxWZYwNSizCp.mLtFm2o1cHpfbQ1M9N9QMB
	5aFrfySXrD8gLEe7Tc_wunDS2Qw5XHRJM.YRj0IlBQY1wRalLu6OF0Oo85xKOE5s8_gOt.AYUKHC
	nf7E8I5pwbtJUwrRIQX1BPbBi0.nG2gYVYSdLzyueYcvETbR5VhTbMdr1pbOtxfnXGssM1fC6F3F
	RJ1A2FQBrersYIIBDNVYoEVnEYVn8DqnACeKaXbHSoIsmj.TBmsVq_SAnROQ_c5DWj1D3K_4CZzA
	3MvcgdlFgS9.EIVLRFEFvCP5H_7UX8F.HYCVInD_WQWxU3vKN_mYh7E2QeUXX_xU7hLkeCeTN2SM
	omNQe9m8Igrl.FeVRrF1D2OAMvHcePYuidWEHwNFQpJb.VAhSEz5cGnvXrAH9AwRt2f_Rg4McFt4
	G3z7xKlH.jmeFXdTV8hkcQ1yfLcGQvKRhdlhNKfuR4ckls4He1W2iUq_p9.h7yVAwY3WQhbZGaRB
	Wqzun2MZY7mgqHm2MFpwoKmBJ1KBxoe_W71WBiM8Gq8WsDJoMeD0yBQ19xBxybEB94FMw7iX3gsb
	f0ZzSP3HvMfc7FJPRB__oqQmQ9HOJQvOPJ5Kn6r6rQ2gVUqZIFOkur9QoQr7Ot7Ux_BNKxwy3qrK
	2R6bbVed5ozBRfwOhTnUADX00G8ixuxjP3PcmA7uS7NqkOQdKhYQt3RMlXto8gz6f5zB6dx1spPv
	GAfWCf9dc.NE1P__XPLWceB.UlwXUhb4JOxyn2bsof3dNCmjV6XWtRZk9bazobhMZHN6aDy_6E6m
	WaXwBGkqTRidIuxNGpGFv0RLZxW6YxmWcaYhPsPGw4HLz6klUf7pcTJwTjBGrsvn01sAZvuBuWtA
	jRewnbIy9QBkbJBTcx4lIF77ImYRMMFN5HwBgsfd9XEV4YL3LiEcaXfXU1kPswmUM9tj29ncs2Zn
	ebjzo694.tVFPQyVkSj2UkOm4TPQUSGL.wVEOo3H2NsopoFpGzvY9J3Tz3HDoTzORCsjYKOWfmVn
	gJGENzRPx0TpyH.a60vuFQsiwiX_3YnDlhYjP3VbNJPzi_qE9lNcIZdSsM_K5rPmCu_zY5ZoZfuu
	zDALlGU1moMPFspEY736rhZbl8xKstxgl_3xaDl8KKLUNh1VR9UguOaYSUM45gCxomIHfWuz2rM.
	yErSSE2u52JMbc.r.CjdVW7x042VbfLIfIcymuNlQmTJx0PGUMxEFKcDy5XrEXqLXtZ1jf6FIA.G
	8DFiCptmYxDSfQlN6UFmHaNPex55c.sdvIe6sExw97hzj382BVJWTi0k4JhKz7NlPc4Fy3MWn.a9
	c7WTBCibTIlvi299fnCEQeFxrjW5DVYpDRycsdwvDlXmB5WrEjF5eYtKYCOR3n3PbgjsuyjoC_Mb
	oMeTzNYjiMYq3EMpc1pEfbFCuez0HNT4iGvJeOQyRBCqFVazF3RC6KXZZjM9hMewwi1.rQKJPk4j
	nZQRsUf2yfHWTe9XZXpo0uiFZsu0CA5LnEbt.NHE9yceHG1UyB6eowZ5zhpw7fN659UpvnvqoVuf
	YQ0tQxL0glLV5czRg12dFQt1954SduqWz4P8hrF_0QFWRliFOol9cuZDRqVjQSdF_3D5UxU8wr5q
	04iRPYNX5S_KqNwRHgUR8us9z804LqV5sWHEHtJU89rNw5ekU6raQQ_1luImtTPEQT.bsquX9KNU
	JCaIpx6A845UJGUKKqaTyyuQAjxIvNFeZDh8qNd_FQZavo1esUXccgmy1AJz1xCQZH3zzOVhVRuN
	mU2Ltre3IgzgEtkS_2dltb85wyasO3AMonmLT3vvfP2BFwi2Qkdwfksvil60HwWeaIbqmPJiNyg1
	1Jie0Ml.kY_yz2R0dmb3SrWIQ_q8klD_hWt4JTkI2SM.BHKgemCQuvJHYqh0_PQfbmxt3a11KwXz
	a9ZA6hTmjKxFdMV0BWA--
X-Sonic-MF:	<dan_harkless AT yahoo DOT com>
Message-ID:	<14e7843a-5829-2c74-313b-13d08b37243e@harkless.org>
Date:	Wed, 7 Dec 2022 13:54:04 -0800
MIME-Version:	1.0
User-Agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
	Thunderbird/102.4.2
Subject:	Re: Cygwin setup reporter as malware
To:	cygwin AT cygwin DOT com
References:	<AS8PR07MB714100AE9CFC6D5AAEE34179D91A9 AT AS8PR07MB7141 DOT eurprd07 DOT prod DOT outlook DOT com>
In-Reply-To:	<AS8PR07MB714100AE9CFC6D5AAEE34179D91A9@AS8PR07MB7141.eurprd07.prod.outlook.com>
X-Mailer:	WebService/1.1.20926
	mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo
X-Spam-Status:	No, score=1.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_EF, FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS, NICE_REPLY_A, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Level:	*
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Dan Harkless via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Dan Harkless <cygwin-list21 AT harkless DOT org>
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 2B7Lspf4006789

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019