X-Recipient: archive-cygwin@delorie.com X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 tests=AWL,BAYES_00,SPF_PASS X-Spam-Check-By: sourceware.org Message-ID: <4A555ABC.6020401@gmail.com> Date: Thu, 09 Jul 2009 03:49:32 +0100 From: Dave Korn User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: Virus on sed.exe References: <4A554E61.3040302@ebrady.net> In-Reply-To: <4A554E61.3040302@ebrady.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Ed Brady wrote: > I just ran a virus scan, and got a hit for sed.exe. > Win32/AMalum.ZZQIA. Anyone else seen anything similar to this? Seen a few false positives with AVG in my personal experience. Most AVs run into the odd one now and again. Some of them seem to have a fondness for Cygwin, probably because it's not part of any of their standard testing environments, so they wouldn't notice false positives in it before releasing a new .dat file. > I run scans frequently and have never had this show up before I want to > believe that this is a false positive, but want to be sure... Here's md5sums of my versions: 1.5: ~ $ cygcheck -c sed Cygwin Package Information Package Version Status sed 4.1.5-2 OK ~ $ md5sum /bin/sed.exe dd5f2d46b572b534d22f65a43916351c */bin/sed.exe 1.7: $ cygcheck -c sed Cygwin Package Information Package Version Status sed 4.1.5-2 OK $ md5sum /bin/sed.exe dd5f2d46b572b534d22f65a43916351c */bin/sed.exe If yours match (assuming same versions of course), you're clean. For a second opinion, try uploading your sed.exe at http://virusscan.jotti.org/ cheers, DaveK -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple