Mail Archives: cygwin/2023/08/22/13:29:42

Date: Tue, 22 Aug 2023 11:28:56 -0600
Subject: Re: Virus Total scan
To: cygwin AT cygwin DOT com
From: Bill Stewart via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Bill Stewart <bstewart AT iname DOT com>

On Tue, Aug 22, 2023 at 9:00 AM Thomas Schweikle wrote:

> It is the address of one of the distribution servers. Since this is not
> "one server", but a cluster of servers, your "suspicious" server shows
> only one thing: those "suspicious" flags are suspicious by themselves:
>
> this particular server is down since some time and only reports back a
> broken html page telling "<h2>Our services aren't available right
> now</h2><p>We're working to restore all services as soon as possible.
> Please check back
> soon.</p>06cvkZAAAAAA8FvmXFYIOTZ2TS15AJl0/RFVTMzBFREdFMDkxNwBFZGdl"
>
> If this is enough to get flagged as "suspicious" ...
>

Unfortunately yes, nowadays.

I have run into this same problem also because I wrote an installer for an
open source tool. Said tool makes outgoing TCP connections to servers
configured as relays. One of the IP addresses used by one of these relays
was (or is) shared with a "dangerous" service. As a result I had to disable
the relay feature in the installer as a default to (hopefully) reduce the
number of false positives.

Bill
