Date: Mon, 23 Apr 2012 14:52:23 +0400
From: Andrey Repin <anrdaemon@freemail.ru>
Reply-To: Andrey Repin <cygwin@cygwin.com>
Message-ID: <2610076794.20120423145223@mtu-net.ru>
To: "Watts, Simon (UK)" <SWATTS@ngms.eu.com>, cygwin@cygwin.com
Subject: Re: VIRUS: XWin.exe 1.12.0-4 "Bloodhound.Sonar.9"
In-Reply-To: <D466D8ED2A535D448228E410781DF5E48087A89DBC@APOLLOCCR.ng.local>
References: <D466D8ED2A535D448228E410781DF5E48087A89DBC@APOLLOCCR.ng.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Greetings, Watts, Simon (UK)!

> Just performed a routine update to cygwin, which resulted in the updated XWin.exe being quarantined due to a virus threat.

> Details:

>         setup.exe version:      2.769
>         source:         http://cygwin.xl-mirror.nl
>         xorg-servers-common version:    1.12.0-4

> Symantec Endpoint Protection reported XWin.exe contained "Bloodhound.Sonar.9"

>         file size:      2828127
>         hash:   157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
>         category:       application heuristic
>         scan type:      SONAR
>         SONAR Risk level:       High
>         SONAR:  High

> Reverting back to 1.12.0-3 from same source does *not* show this issue.

> Could be a false positive?  But AV policy prevents me from running it.

From the report, it seems like the AV heuristic backfired.
https://www.virustotal.com/file/157814b5160244d44e469ca9829124daba14426f3d60e6a22b52e953625ca0b2/analysis/


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 23.04.2012, <14:39>

Sorry for my terrible English...
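A practical check that goes with the reply above, added here as an example and not part of the original thread or of Cygwin: before trusting a VirusTotal verdict for a hash quoted in an AV report, confirm that the quarantined file you actually have is the file that hash describes, and only then look the hash up. The report quotes the SHA-256 in uppercase while the VirusTotal URL in the reply uses lowercase, so the comparison is done case-insensitively. The functions, the quarantine path and the sample file in the usage comment are assumptions, not anything the list or Symantec provides.

```shell
# Added example (not from the thread): verify a quarantined file against the
# SHA-256 quoted in an AV report, then build the VirusTotal lookup URL in the
# form used in the reply. Function names and paths are illustrative.

# Print the SHA-256 of a file as lowercase hex, using whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    fi
}

# Normalise a hash copied from a report (any case, stray whitespace) to lowercase.
norm_hash() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-Z' 'a-z'
}

# Return 0 if the file's SHA-256 equals the reported hash, 1 otherwise.
# A mismatch means the VirusTotal result for that hash says nothing about
# the file you are holding.
hash_matches() {
    file=$1
    reported=$(norm_hash "$2")
    actual=$(sha256_of "$file")
    [ "$actual" = "$reported" ]
}

# Build the VirusTotal lookup URL for a reported hash (URL form from the reply).
vt_url_for_hash() {
    printf 'https://www.virustotal.com/file/%s/analysis/\n' "$(norm_hash "$1")"
}

# Usage on the quarantined binary (the path is an example; the hash is the
# one quoted in the report above):
#   hash_matches /var/quarantine/XWin.exe \
#       157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2 \
#       && echo "same file as the report" \
#       || echo "different file: the VirusTotal result does not apply"
#   vt_url_for_hash 157814B5160244D44E469CA9829124DABA14426F3D60E6A22B52E953625CA0B2
```

If the hash matches and VirusTotal shows only a single heuristic engine flagging it, that supports the false-positive reading; if the hash does not match, the file on the machine is not the one discussed, and the report should be re-done from the actual quarantined copy.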


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

