Subject: Re: Cygwin setup error
To: cygwin@cygwin.com
References: <CAHCu2ijYVovD65ihzYJyRb-QU6CN0idUv-G3=_4RBbFuyQYV2A@mail.gmail.com>
 <a40a631b-b027-5fba-c0a7-38bd16cf0c20@gmail.com>
 <CAHCu2igRV=guUb2nNm1gDPxtxi9g_hqFo7RMh4xERveaNWjYqQ@mail.gmail.com>
 <8d287574-f820-564b-4794-e35e3429174c@gmail.com>
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
Organization: Systematic Software
Message-ID: <f6464b74-70ff-08ef-dc22-bea63e643c06@SystematicSw.ab.ca>
Date: Tue, 21 Apr 2020 16:07:02 -0600
In-Reply-To: <8d287574-f820-564b-4794-e35e3429174c@gmail.com>

On 2020-04-21 12:33, Marco Atzeri via Cygwin wrote:
> On 21.04.2020 at 18:08, Antonio Cesar Rosa wrote:
>> I do not think so. See the output from Virustotal:
>> 2431de4597a2162f3e1d60af90f638b41677265b07cc66fcb0231fdde452c841
>> setup-x86_64.exe 1.29 MB 2020-04-21 00:31:19 UTC
>> Size
>> 15 hours ago
>> 64bits direct-cpu-clock-access overlay peexe runtime-modules
>> DETECTION DETAILS BEHAVIOR COMMUNITY
>> SecureAge APEX Malicious MaxSecure Trojan.Malware.300983.susgen
>> Lastline MALWARE Acronis Undetected

Scoring 2[.5]/71 is not exactly a threatening consensus - believe the 69 and
ignore the 2[.5].
The URL check has eight more checkers excluding the three false positives score
0/80.
Many AVs use "heuristic/WAG" approaches which often give false positives on
installers.
This group probably sees about one false positive a month, but I don't ever
recall a real issue in about/over ten years.

> please reply on mailing list in copy.
> Virus Total with the URL https://cygwin.com/setup-x86_64.exe
> gives all clean.
> If you have a different result, likely you have a tampered file.
> And using the signature available on
> https://cygwin.com/install.html
> we also have:
> $ gpg2 --verify setup-x86_64.exe.sig
> gpg: assuming signed data in 'setup-x86_64.exe'
> gpg: Signature made Sat, Mar 21, 2020  6:35:25 PM CET
> gpg:                using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
> gpg: checking the trustdb
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2022-02-26
> gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [ultimate]
> gpg: Signature made Sat, Mar 21, 2020  6:35:25 PM CET
> gpg:                using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
> gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full]

$ TZ=UTC wget -N http://cygwin.com/setup-x86{_64,}.exe{.sig,}
2020-04-21 21:26:37 URL:http://cygwin.com/setup-x86_64.exe.sig [661/661] -> "setup-x86_64.exe.sig" [1]
2020-04-21 21:26:38 URL:http://cygwin.com/setup-x86_64.exe [1352723/1352723] -> "setup-x86_64.exe" [1]
2020-04-21 21:26:38 URL:http://cygwin.com/setup-x86.exe.sig [661/661] -> "setup-x86.exe.sig" [1]
2020-04-21 21:26:41 URL:http://cygwin.com/setup-x86.exe [1248787/1248787] -> "setup-x86.exe" [1]
FINISHED --2020-04-21 21:26:41--
Total wall clock time: 4.4s
Downloaded: 4 files, 2.5M in 2.2s (1.12 MB/s)
$ TZ=UTC ls -glo --full setup-x86{_64,}.exe{.sig,}
-rw-r--r--+ 1 1248787 2020-03-21 17:28:48.000000000 +0000 setup-x86.exe
-rw-r--r--+ 1     661 2020-03-21 17:29:04.000000000 +0000 setup-x86.exe.sig
-rw-r--r--+ 1 1352723 2020-03-21 17:35:04.000000000 +0000 setup-x86_64.exe
-rw-r--r--+ 1     661 2020-03-21 17:35:25.000000000 +0000 setup-x86_64.exe.sig
$ TZ=UTC sha256sum setup-x86{_64,}.exe{.sig,}
9e99b618cf6cf0e7a6efac9bff2028acebdb44fd552407e4cb7839f0867b035e *setup-x86_64.exe.sig
2431de4597a2162f3e1d60af90f638b41677265b07cc66fcb0231fdde452c841 *setup-x86_64.exe
c7b45a34a0ef18b409a385c7157fd7bb68a799148c212bab74037e0438f5addb *setup-x86.exe.sig
d218a41a45fcec581affd0e1ccc66011aa06a3a9b299576104546074e8480064 *setup-x86.exe
$ TZ=UTC gpg2 --verify setup-x86_64.exe{.sig,}
gpg: Signature made 2020 Mar 21 Sat 17:35:25 UTC
gpg:                using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full]
gpg: Signature made 2020 Mar 21 Sat 17:35:25 UTC
gpg:                using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full]
$ TZ=UTC gpg2 --verify setup-x86.exe{.sig,}
gpg: Signature made 2020 Mar 21 Sat 17:29:04 UTC
gpg:                using DSA key 1169DF9F22734F743AA59232A9A262FF676041BA
gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full]
gpg: Signature made 2020 Mar 21 Sat 17:29:04 UTC
gpg:                using RSA key 56405CF6FCC81574682A5D561A698DE9E2E56300
gpg: Good signature from "Cygwin <cygwin@cygwin.com>" [full]

Same files from a month ago with same digests and signatures.
Many have downloaded and used it in that timeframe for dozens of package
installs and upgrades with no issues or reports before yours.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
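
The signature check shown in the message above, scripted as an added example that is not part of the original message or of Cygwin's own tooling: it reads gpg's machine-readable `--status-fd` output and accepts the file only when both signer fingerprints printed in the thread's gpg output report a valid signature, rather than relying on the "Good signature" text. The function names `check_status` and `verify_release` are hypothetical, and it assumes the Cygwin public key is already in the local keyring.

```shell
#!/usr/bin/env bash
# Added example: pin signer fingerprints instead of reading "Good signature".

# The two signing-key fingerprints shown in the gpg output quoted in the thread.
PINNED_FPRS="1169DF9F22734F743AA59232A9A262FF676041BA
56405CF6FCC81574682A5D561A698DE9E2E56300"

# check_status: read `gpg --status-fd` lines on stdin.
# Succeeds only if every pinned fingerprint has a VALIDSIG line and no
# signature in the file is reported bad, unverifiable, expired or revoked.
check_status() {
    local status fpr
    status=$(cat)
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        echo "rejected: bad, unverifiable, expired or revoked signature" >&2
        return 1
    fi
    for fpr in $PINNED_FPRS; do
        if ! printf '%s\n' "$status" |
            grep -q "^\[GNUPG:] VALIDSIG $fpr "; then
            echo "rejected: no valid signature from $fpr" >&2
            return 1
        fi
    done
    return 0
}

# verify_release FILE SIG: run gpg2 on a detached signature and apply the check.
verify_release() {
    gpg2 --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status
}

# Stand-alone use: ./script setup-x86_64.exe setup-x86_64.exe.sig
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && echo "signatures OK for $1"
fi
```

A file that passes this check and whose SHA-256 matches the digest an AV report was run against is byte-for-byte the signed release, which is what separates a heuristic false positive from a tampered download.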
