X-Recipient: archive-cygwin@delorie.com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4E1DC3884F91 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1670608326; bh=I9tTN0lVtsYO5iJKxBOQNObRyjMa69oha3+b0w67Njc=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=U4Xy+T4lbf7azelVHZiqF5N9EdLl70OClrs/q7Fy7/GEacNvWFtRd1bKcWQpTdXra nN3p7Z5mXvUmsN4ycD3VBhMAIbVDO9zrmhMTJ0ZVZiCPn/ilG+zE5E5+g9MMRmUImO /U8Qg11GSerf0ld+I6wb9RCZWeAimLN83j5dAZQk= X-Original-To: cygwin@cygwin.com Delivered-To: cygwin@cygwin.com DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 7A6D6382CBAF X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1670608301; bh=8+JFTW+tx0ytbkbcqQdnCIx1RnDr9nwk2pDbUhyimbZ=; h=X-Sonic-MF:Date:Subject:To:From:From:Subject; b=Iih+hZCjGII6vUJXLSncWbjyKny/4K0rcw/3lvP4g2cxnPcQcl0xRRkAXsrX24xIbxd7a90RngAl5pacDiAZaRW+NVecshm/EaFAyM27U/ZuCp51Q9hjVFFJoC8+XOzbr6WDaOmy11v9+vhDlvOvBOYSEDiaaVTU4I0JxEp+ukybMUefP3BavOovtj1xm+NUtoInBhYyUoia7s1lKBJQPh3et7tshGyl8QdSWOe/vp98isJ2LkmJP5LyqpWNBd6Shk/Nfv0VV0M3PTNgD5j2bY5zqZcxvhdScOeSPrXHaE/5+cDK9RrwZE4kQm3AV9VEz7TD1KlPnIQ/Hhv9o6IXLA== X-YMail-OSG: p92r0PIVM1mImXaaybp5Lkc1u_vhLhFIIMhAKaP_Pi08vdFWJBrQC_eDYoG3aRY yKGBSSUkPaEeX0wnyaTPREts5qc4T45CaQqA9FRk64dMnJfTgaIWVdRjD0MCbASXAk4IgQ0BL1Xr BX84IsDtibeynxKiAVaPIK41MjAMZFl2XbqdHU9NPon0p_Q6qNSDPCj3f5xHec4d9SD4ZtDP0nTm fD.gtQZ_1gg1j_TlnxGaeldsuNRXxjih.hbTBj8QpThIcR.aDEE71m4S4uVHHvJn54KPOAUGuExR U5VypzkA08y9n4GLC8A1c1o_uSXFWQtRCZXSBZ2BOZklZqQ0GyJ0ca5mJn6pVO7MeOpAOG9YpLUQ S5DWcTm33MLiSbWWjZlQI80pDxsmpyBsbalS7.s.D4JdX0A7DFT28R4eZH3yoK1zrsrWdRcadKcF JvPNq3o4ZEqfr5UWVeGMYyoAuIg2IPen_IRYrVYDtPMiZBtVHThxarLbGTcQy2X1gUu.g1gGHD9E .qWrDfJoiRczdDO7I2kcVyzb80WXP3J96484V2gtxtOnf65vYgSDiD_RRMG__Hqsdix09WhnZOzB gZ2mBZ1YASr_DRUCkcmwZ5v8EHR9gVkTd.YH3Wqw.G6PEJwhCqJQLztCJfaZphHZzNoi4zkqtt_x imVI2A0n2kPtCb2JnwEe9NGXw7VRWj9T3drz3nW5_RDjfMHcv3MzvOsGl9qtwf2VYPS1Z5BL2l3u 7OXDXKN1wlheEZEr1bs8S04ct4F1aI1.1ZTkbx9aBYVhwmuc6en3gML4ibmwkQ4dMM_OE6Dne3aR ccZq9DYg5sWeGnZnx7LV.6CPJcb_wpolEwIl_NZvLRKII.tZr_Z8as4mgcFwfirOyptb4Oic2aiX ebr1MwLquBwfIj9JhDVSMZfneqJ5WwbzlucEct2C_StDSOSzFqzc83zL24Zaneb2CNvaebez4EAq qpfSx6tDmqD.YRaIicnYbOt5amzdx6NpRFfMZK.2irQJnfLT.jsvpVAouGaIyGUbCulfqI3L0xCa k2oABdSZ2n_R.LYFJAfiSUCb7nWiY7t0vbzmw4iL5v3TTqY81uB2l1tn1N8ix7bqQ1UOkbLrLdZu 1foimPOCQaSUS9eVvAg2DdCwQK7qy613tX_j7PodYPx0dtSu5SxKEIJog7wjJp4cuUw90rDayadj ErjoXpyjH9oPY1iQ6YFW8gixaZTm4g_e7kyVzixrKqpo7rEF2G0OmMygVbNUL3oekPI0B6DGFpaF SV0s3PX8nM15gnfJO.1aWL6m9CRZJKJX1vZXj7DthpWGFT_GCgDbnCYrooyUobZlRtw2aajiVFFb J_m8WfPvNFqHIeYNC1Ili_Y65XztxaU6sJr2FrC.74ZOH4v33FSa.zMMkUlHdy9llDGG03r6qc2W CjgtLY8caPnUBEOd7AhP4nvJCzZboHMzjIDBoemQrrqFI9nffgCaekEIDnjXHrrWTyu6Mzu55EUx NmvajBxD4SblApX6sGWU165s._Wwa08H8smO5U4k_y6Gh61aEgyOaOkzp8Q8vIOv4KvGDYbxJSt7 EspwMXK_fqzzk65ZbORvXMHFXMVtjAllv6.u3aFOIYIrZDHLpnN_158w_iXXKw.xc.67WdPq.r2. L76nea2BT5jtN_YhS9tJD5ZcowPc9awC5MPcXYEFKB9PO_erXkVa9gmZawhgC8z1cTmI1AXQxaE9 iXaQrE9r5aecf3r..nVDAdw7PogohhyleMeEOKAIBpkvDgOjRP8Uyv292R5rkZeOcmHnbgDq8mDT SxuO1PVutNzAECOCiTJjptSp1rnuKQASQ00G1L.ZhAuDc4tHxiykttyRdKL_UG8SZr.l.I0mlThp uXM14khvEm3PJkf.7Gg6kYY.Et7vnBM59l5Gtmc1AXtBCiASltvNayFboNH1RWQWIPjbHpy1e5nS 6rAUFs6hVb_Fky3z3r5zCDwD9Jwy6ZHbt2kd6QIhc162jCESjNcGXlFsNPKBfKHTbzXqmILq29Eo VW8WbLV5bxDxTpkYX46uxtNYhcM2nMO4D3TZHbG.nnIqV1m3gVZ8bPq9KXqRdbj5iNfoWqD9Dya9 7PdU7WNOsabNX80AxmEs3S6nKQiEp3Mb4m4aBI.zk6i6al9smaf2rNxlC6mwx.DdEud8svkXS1wc GILeXfDOKiMDFdr8KsVZiof9aj1vFN2UQC5lyvErAAmSp_om92evsW4dcSKmQBu939HSoLRh10zK Pg97nnXhfmo5I93WqGg-- X-Sonic-MF: Message-ID: <65ad5397-2de1-87e1-d747-bcb1b4fc6e70@harkless.org> Date: Fri, 9 Dec 2022 09:51:34 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: Cygwin setup reporter as malware Content-Language: en-US To: cygwin@cygwin.com References: <14e7843a-5829-2c74-313b-13d08b37243e@harkless.org> <6e721522-7e4a-d0d9-f928-4bc6e1b34f3f@oskog97.com> X-Priority: 4 (Low) In-Reply-To: <6e721522-7e4a-d0d9-f928-4bc6e1b34f3f@oskog97.com> X-Mailer: WebService/1.1.20926 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo X-Spam-Status: No, score=0.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_EF, FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Dan Harkless via Cygwin Reply-To: Dan Harkless Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: cygwin-bounces+archive-cygwin=delorie.com@cygwin.com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 2B9HqX6B032074 On 12/9/2022 3:39 AM, Oskar Skog via Cygwin wrote: > On 2022-12-07 23:54, Dan Harkless via Cygwin wrote: > > > No.  It's normal and common for software like Cygwin, which has the > > power to be used maliciously (as opposed to, say, a Minesweeper game or > > something), to have false positives on VirusTotal for a handful of > > vendors.  I've never heard of SecureAge or Trapmine (hmm, maybe it > > *would* flag Minesweeper...), and I'm pretty well educated in the > > anti-malware space, so if it were me, I'd just ignore those false > > positives and pay attention to the credible AV software results (and the > > Community Score). > > You may have thought you were joking, but... > > https://www.virustotal.com/gui/file/bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41 > > This is not just *a* minesweeper game, it is *the* minesweeper game > from Window XP. LOL!  You're right, I'd never heard about that, and was just using Minesweeper as an obviously safe example program.  And whaddaya know, it's SecureAge and Trapmine (oy!) that "flag" it.  I guess the lesson is to always ignore SecureAge and Trapmine results on VirusTotal, and the OP should suggest VirusTotal drop those two from their AV software suite. Thanks for the amusing link, Oskar. -- Dan Harkless http://harkless.org/dan/ -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple