Mail Archives: cygwin/2022/12/09/13:50:43

Subject: Re: Cygwin setup reporter as malware
To: cygwin AT cygwin DOT com
Date: Fri, 9 Dec 2022 19:49:13 +0100
From: Christian Franke via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Christian Franke <Christian DOT Franke AT t-online DOT de>

Dan Harkless via Cygwin wrote:
> On 12/9/2022 3:39 AM, Oskar Skog via Cygwin wrote:
>> On 2022-12-07 23:54, Dan Harkless via Cygwin wrote:
>>
>> > No.  It's normal and common for software like Cygwin, which has the
>> > power to be used maliciously (as opposed to, say, a Minesweeper game or
>> > something), to have false positives on VirusTotal for a handful of
>> > vendors.  I've never heard of SecureAge or Trapmine (hmm, maybe it
>> > *would* flag Minesweeper...), and I'm pretty well educated in the
>> > anti-malware space, so if it were me, I'd just ignore those false
>> > positives and pay attention to the credible AV software results (and the
>> > Community Score).
>>
>> You may have thought you were joking, but...
>>
>> https://www.virustotal.com/gui/file/bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41 
>>
>>
>> This is not just *a* minesweeper game, it is *the* minesweeper game
>> from Windows XP.
>
> LOL!  You're right, I'd never heard about that, and was just using 
> Minesweeper as an obviously safe example program.  And whaddaya know, 
> it's SecureAge and Trapmine (oy!) that "flag" it.  I guess the lesson 
> is to always ignore SecureAge and Trapmine results on VirusTotal, and 
> the OP should suggest VirusTotal drop those two from their AV software 
> suite.
>
> Thanks for the amusing link, Oskar.

Amusing, indeed.

This was less amusing: After I released this file Dec 30, 2018, it 
scored 7/67 and then 13/70 a few hours later, including well-known AV 
vendors:
https://www.virustotal.com/gui/file/bf0416c2e214c6323fdf1af8b853f761c846760f02950453c8a5bb276c961fbe
After FP reports to several vendors, it slowly dropped down to 1-2 
detections until March 2019.

Experience since then suggests that some noise of ~2 detections from not 
well-known AV is normal.

