MIME-Version: 1.0
References: <LO3P123MB334069FD42052E97C5917179811FA@LO3P123MB3340.GBRP123.PROD.OUTLOOK.COM>
 <5bbc924c-27ad-be4d-b49c-4a1ce8b6ba9c@bfs.de>
In-Reply-To: <5bbc924c-27ad-be4d-b49c-4a1ce8b6ba9c@bfs.de>
Date: Tue, 22 Aug 2023 11:28:56 -0600
X-Gmail-Original-Message-ID: <CANV9t=SuB44pkW8z3xqngpFTo3PqFGpAH1-UyV6n17uAD-=+yw@mail.gmail.com>
Message-ID: <CANV9t=SuB44pkW8z3xqngpFTo3PqFGpAH1-UyV6n17uAD-=+yw@mail.gmail.com>
Subject: Re: Virus Total scan
To: cygwin@cygwin.com
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
From: Bill Stewart via Cygwin <cygwin@cygwin.com>
Reply-To: Bill Stewart <bstewart@iname.com>
Content-Type: text/plain; charset="utf-8"
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie.com@cygwin.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 37MHTgZs029985

On Tue, Aug 22, 2023 at 9:00 AM Thomas Schweikle wrote:

> It is the address of one of the distribution servers. Since this is not
> "one server", but a cluster of servers, your "suspicious" server shows
> only one thing: those "suspicious" flags are suspicious by themselves:
>
> this particular server is down since some time and only reports back a
> broken html page telling "<h2>Our services aren't available right
> now</h2><p>We're working to restore all services as soon as possible.
> Please check back
> soon.</p>06cvkZAAAAAA8FvmXFYIOTZ2TS15AJl0/RFVTMzBFREdFMDkxNwBFZGdl"
>
> If this is enough to get flagged as "suspicious" ...
>

Unfortunately yes, nowadays.

I have run into this same problem also because I wrote an installer for an
open source tool. Said tool makes outgoing TCP connections to servers
configured as relays. One of the IP addresses used by one of these relays
was (or is) shared with a "dangerous" service. As a result I had to disable
the relay feature in the installer as a default to (hopefully) reduce the
number of false positives.

Bill


