Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <4.3.1.2.20020214101213.01eb5c80@pop.ma.ultranet.com>
X-Sender: lhall AT pop DOT ma DOT ultranet DOT com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Thu, 14 Feb 2002 10:14:21 -0500
To: Peter Buckley <peter DOT buckley AT cportcorp DOT com>
From: "Larry Hall (RFK Partners, Inc)" <lhall AT rfk DOT com>
Subject: Re: anybody else also infected
Cc: cygwin AT cygwin DOT com
In-Reply-To: <3C6BD3F7.5080606@cportcorp.com>
References: <01A7DAF31F93D511AEE300D0B706ED92019ECD65 AT axcs13 DOT cos DOT agilent DOT com>
 <4 DOT 3 DOT 1 DOT 2 DOT 20020214091816 DOT 01ee0518 AT pop DOT ma DOT ultranet DOT com>
 <4 DOT 3 DOT 1 DOT 2 DOT 20020214094510 DOT 01ea0710 AT pop DOT ma DOT ultranet DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

OK, David (Starks-Browning), would you be willing to accommodate Peter's 
request with an FAQ entry or rewording?

Larry Hall                              lhall AT rfk DOT com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX


At 10:12 AM 2/14/2002, Peter Buckley wrote:
>I think we do read the faq differently- when it says "antivirus programs have been known to report false positives when extracting compressed tar archives" and "consider disabling your anti-virus software when running SETUP", I don't associate that with getting a false positive when *not* running setup, or when *not* extracting compressed tar archives.
>
>The directions in the next questions "My computer hangs when I try to run setup.exe" would not have avoided this type of false positive- namely when the realtime scanning pops up and quarantines a dll whenever it is run. I am in favor of a more general faq in light of this *new* development and *new* type of false positive- I don't know what the chances are of this happening in the future, but I would put it in the faq as a note, "NAV has had false positives in the past on cygwin dlls, please remain calm with your seatbelts fastened".
>
>I agree about the healthy skepticism- this was obviously a false positive from the very start, but I don't think the faq addresses this type of false positive.
>
>-Peter
>
>
>Larry Hall (RFK Partners, Inc) wrote:
>
>>OK, perhaps you and I read the FAQ differently.  I read it to indicate that
>>you should assume that any reported infection from Cygwin files are false until you can determine otherwise.  To me, it's worthwhile to inform the
>>list of viruses in any Cygwin related software if the virus is real.  However,
>>allot of posts about the potential of a virus isn't really helpful to anyone
>>and can lead newbies to panic, adding to the list volume.  Personally, I've
>>never seen a single confirmed virus in any Cygwin software in the more than
>>6 years I've been using it, though I've seen many a report of viruses (hence the FAQ entry about them).  So I view all Cygwin virus reports on this list
>>with a bit of healthy skepticism, unless there is evidence to support doing
>>otherwise.  I'm just suggesting that others take that message to heart and
>>do their homework before posting.
>>Now back to my own little utopia where everything is done right. ;-)
>>Larry Hall                              lhall AT rfk DOT com
>>RFK Partners, Inc.                      http://www.rfk.com
>>838 Washington Street                   (508) 893-9779 - RFK Office
>>Holliston, MA 01746                     (508) 893-9889 - FAX
>>
>>At 09:35 AM 2/14/2002, Peter Buckley wrote:
>>
>>>I don't think that faq would have avoided or truncated this thread. It seems related, but it is in fact different.
>>>
>>>If someone followed the instructions in the faq, they would have had a false positive reported on cygz.dll. Whenever the cygz.dll file was called (say, by invoking cygcheck), the real-time scanning of NAV popped up with "cygz.dll is infected with backdoor.egghead, and has been quarantined".
>>>
>>>Maybe an addition to that faq needs to be made, that some antivirus programs (specifically symantec) have had false positives on cygwin dlls.
>>>
>>>Just as an FYI, this same false positive for backdoor.egghead was seen on the cygwin1.dll from the 1.3.2-1 distribution.
>>>
>>>-Peter
>>>
>>>Larry Hall (RFK Partners, Inc) wrote:
>>>
>>>
>>>>Hm, it seems like this entire thread could have been avoided or at least
>>>>truncated by a simple visit to the FAQ:
>>>>Is setup.exe, or one of the packages, infected with a virus?
>>>>http://cygwin.com/faq/faq_2.html#SEC11
>>>>Larry Hall                              lhall AT rfk DOT com
>>>>RFK Partners, Inc.                      http://www.rfk.com
>>>>838 Washington Street                   (508) 893-9779 - RFK Office
>>>>Holliston, MA 01746                     (508) 893-9889 - FAX
>>>>
>>>>At 08:39 AM 2/14/2002, hongxun lee wrote:
>>>>
>>>>
>>>>>Sorry for the panic...My bet is all you can do is to update the package zlib
>>>>>...
>>>>>NAV this morning had released its new vir-definition..Thanks
>>>>>
>>>>>----- Original Message -----
>>>>>From: "KAMDAR,NILESH (A-Sonoma,ex1)" <nilesh_kamdar2 AT agilent DOT com>
>>>>>To: <lee DOT 1801 AT osu DOT edu>
>>>>>Sent: Wednesday, February 13, 2002 10:58 PM
>>>>>Subject: anybody else also infected
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Hello  Hongxun Lee,
>>>>>>
>>>>>>(I am not on the mailing list of cygwin so I am emailing directly to you)
>>>>>>
>>>>>>I have the same problem. My cygwin1.dll and cygz.dll file are in
>>>>>quarantine.
>>>>>
>>>>>
>>>>>>NAV claims that they are infected with the BAckdoor.Egghead virus but I
>>>>>dont
>>>>>
>>>>>
>>>>>>see any other signs besides the above 2 files. I Think NAV definitions are
>>>>>>wrong!!!!
>>>>>>
>>>>>>I actually have SEVERAL customers who are going to complain about this
>>>>>>tomorrow. So I am trying to find a quick resolution. I have also posted my
>>>>>>question to Symantec.
>>>>>>
>>>>>>I am hoping that Symantec sends out newer update virus definitions which
>>>>>DO
>>>>>
>>>>>
>>>>>>NOT cause this error.
>>>>>>
>>>>>>Let me know if you get any updates from them.
>>>>>>
>>>>>>Thanks.
>>>>>>--Nilesh Kamdar
>>>>>>
>>>>>--
>>>>>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>>>>Bug reporting:         http://cygwin.com/bugs.html
>>>>>Documentation:         http://cygwin.com/docs.html
>>>>>FAQ:                   http://cygwin.com/faq/
>>>>--
>>>>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>>>Bug reporting:         http://cygwin.com/bugs.html
>>>>Documentation:         http://cygwin.com/docs.html
>>>>FAQ:                   http://cygwin.com/faq/
>>>
>>>-- 1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers
>>>in speech, in life, in love, in faith, and in purity.
>>>
>>>
>>>--
>>>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>>Bug reporting:         http://cygwin.com/bugs.html
>>>Documentation:         http://cygwin.com/docs.html
>>>FAQ:                   http://cygwin.com/faq/
>
>
>-- 
>1 Timothy 4:12 (NIV)- Don't let anyone look down on you because you are young, but set an example for the believers
>in speech, in life, in love, in faith, and in purity.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/